Closed Bug 417711 Opened 17 years ago Closed 17 years ago

after a crash, "Restore session" allows continued access to password protected web pages opened during crashed session

Categories

(Toolkit :: Password Manager, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 345345

People

(Reporter: buggyzilly, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 After power off or reset type crash during which Firefox is open and logged on to password protected sites (email accounts), restarting the computer and then Firefox brings up a dialog "restore session or start new session". If you "restore session" you are reconnected to the password protected sites and CAN REFRESH them (i.e. get new mail if any) without the master password request popping up or having to re-login. Accessing a password protected site that was not already displayed in the crashed Firefox session causes the master password popup to display and requires a login, but not sites that were being accessed in the crashed session. I expect this is something to do with cookies, and may expire at the remote site end in the normal session expiry time, but it seems insecure. Or convenient, which is often the same thing. Reproducible: Always Steps to Reproduce: 1.run Firefox 2.0.0.12, log in to web mail site 2.power off computer or press reset button 3.restart computer, run Firefox, select "restore session", refresh mail ("Check Mail" at mail.com, "get mail" at tesco.net) Actual Results: new mail is displayed, if any or "no new mail" Expected Results: Might be better if one was required to log in again.
Dupe of #345345
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.