367688 - Closing Tabs Doesn't Delete Session Cookies

Status: RESOLVED DUPLICATE of bug 117222

(Firefox :: Bookmarks & History, defect)

Description

[mlissner@michaeljaylissner.com]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20060601 Firefox/2.0.0.1 (Ubuntu-edgy)

On websites that use cookies which expire when the browser is closed, closing the tabs does not delete them. This means that if a friend uses the a new tab in the same browser to visit a secure site, and then closes the tab as a way to log out, they will remain logged in, and the recently closed tabs feature will allow reentry.

Reproducible: Always

Steps to Reproduce:
 - Log into a site that uses cookies that expire upon browser closure
 - Close the tab
 - Reopen the tab using the recently used tabs feature or by navigating back to the page.
 - The login credentials are still good.
Actual Results:  
The cookie is not deleted, and one does not need to log back into the site.

Expected Results:  
It should delete session cookies when the tabs are closed as well as when the browser is closed.

Comment 1

[(not reading, please use seth@sspitzer.org instead)]

> when the browser is closed

Do you mean when a browser window is closed, or when we exit the browser?

Comment 2

[:Gavin Sharp [email: gavin@gavinsharp.com]]

This sounds like expected behavior, to me. We don't equate "the tab is closed" with the "session ends". The "session" only ends when the browser process is terminated.

Comment 4

[Simon Bünzli]

(In reply to comment #2)
> The "session" only ends when the browser process is terminated.

With Session Restore, even that's no longer generally true: see e.g. bug 345345.