Always remebering exchange logon and password

RESOLVED INCOMPLETE

Status

()

Firefox
Security
RESOLVED INCOMPLETE
10 years ago
8 years ago

People

(Reporter: Gary, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0

We run an Exchange 2003 server. When using the OWA for the first time I get the Remember Password popup, when I select Never and close the program, it still logs on automatically. I have verified that the exchange site (mail.wrah.com) is on the don't remember password list. Removing the password brings up the Microsoft logon screen the next time, but then saves the password again. Shutting down and restarting Mozilla does not bring up the logon screen, just straight into the last account logged on to.

Reproducible: Always

Steps to Reproduce:
1.Log on to Exchange 2003 account, select never remember password
2.Close Mozilla
3. Go to exchange site again, logs automatically on.
Actual Results:  
logs on to account

Expected Results:  
Should not remember password
(Reporter)

Comment 1

10 years ago
Seems to be a time component to this.  Closing Mozilla does not remove the password from memory right away.  Leaving the program closed overnight does seem to remove the logon and password information.

Comment 2

10 years ago
You might be confusing cookies and password manager.
Remembering the password auto-fills the login and password fields, where cookies will keep you logged in to a site during a session/specified period of time. For something like exchange web access; cookies are required to navigate the site without having to log in after every action. There may be a few addons https://addons.mozilla.org/en-US/firefox/ to manage cookies that could be of use, but even better, you will probably want to configure your exchange web server to issue only session cookies rather than cookies that expire after a specified time (24 hours by your description).
If however your exchange server is already set to issue session cookies then this could be a cookie bug.

Comment 3

10 years ago
(In reply to comment #2)
I also forgot to mention. If you are a user of the exchange server rather than someone with the power to change cookie settings, there is an option in the page permissions (Tools menu > Page Info > Permissions) to 'Allow for Session' on cookies.
Please check these things and report your findings so we can properly triage this bug with the results.
Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE.  Please reopen or file a new bug if you can still reproduce the bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.