Firefox caches login information even with logout or reopening browser

RESOLVED WORKSFORME

Status

()

Firefox
Security
--
major
RESOLVED WORKSFORME
13 years ago
11 years ago

People

(Reporter: Daedelus, Unassigned)

Tracking

1.0 Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: CLOSEME 07/14, URL)

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

I have more than one GMail account. When I try to logout of one to check
another, I keep getting re-logged in to the first account. I've tried logging
out manually, closing and reopening the browser, no dice. Consider this a
significant security problem, short of clearing the cache (not always practical
for novice users) there doesn't seem to be a way to login to a different account.

This could be an issue with GMail, but this problem is NOT reproducable under IE
or Safari.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.gmail.com
2. Login to account
3. Click "Logout" in upper right hand corner
4. Login as a DIFFERENT GMail user.
5. Look in the upper right part of the window, notice that you are still logged
in as the first account you tried.

Actual Results:  
I remained logged in as the first account, regardless of the number of attempts
to log out.

Expected Results:  
I should have been logged out and been able to login to the other pertinent
accounts.

This is a vanilla install of the latest version, I just installed it an hour ago.

Comment 1

13 years ago
Gmail uses cookies ...

Comment 2

12 years ago
On a related note (trying not to create another bug report) I have been doing some PHP development and WebServer Development (C++).

Whenever you login to my site (localhost) using IE or Firefox, my PHP system uses session variables to manage logins. Now when you close IE without logging out, you will be required to login again whenever you reopen IE.

This however is not the behavior of Firefox. If you close the browser in a logged in session, and then reopen the browser, the connection still seem to be there.

Proposal:
What I want to propose is based on the behavior of IE in that whenever you close IE with the 'X' at the top right hand corner, it creates a connection to the website for a split second and does an unclean terminate of the TCP session then cleans up memory and quits etc. etc....

This behavior tells the Apache subsystem that the user is no longer available and signals PHP to destroy the session varibles for that user.

And that is how closing a browser, terminates a logged in session, at least in PHP apache.

If Firefox mimics this behavior then there will be no problem.




Comment 3

12 years ago
Can bug 358042 and bug 345345 be marked as duplicates/dependencies?
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 07/14
Version: unspecified → 1.0 Branch
Anthon, this bug was filed against Fx 1.0.1, well before session restore was introduced.

Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.6pre) Gecko/20070724 BonEcho/2.0.0.6pre ID:2007072403

No response from reporter re: comment 4 and wfm -->WORKSFORME.
Reporter, if you still see this problem with the latest release of Firefox 2, please reopen this bug. Thanks!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.