Closed
Bug 450850
Opened 16 years ago
Closed 16 years ago
Cookies not cleared when Firefox exits
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: digital56k, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 When the privacy preference "Always clear my private data when I close Firefox" is enabled and the "Settings..." dialog has been set to erase cookies, the latest version of Firefox is not clearing cookies when all instances are closed normally. I noticed this after my banks website mysteriously started managing to remember my user name on return visits days apart. "Show Cookies" confirms this behavior. Having been used to this feature working in past I generally expect that closing out the browser before visiting sites that I don't lend much trust to will erase all tracking cookies, prevent some types of XSS attacks on authenticated sites and so forth. Apparently that is no longer the case. I have Adblock Plus, Web Developer, and NoScript extensions installed, but I doubt these are interfering with this function of the browser. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Comment 1•16 years ago
|
||
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 This works fine for me, also with latest trunk. Please retest with a new profile: http://support.mozilla.com/en-US/kb/Basic+Troubleshooting#Make_a_new_profile
Reporter | ||
Comment 2•16 years ago
|
||
Ria: Your comment prompted me to go take a look at the profiles folder. It seems that the latest update to Torbutton (1.2.0) is managing cookies outside of the Firefox cookie system in a file called "cookies-nontor.xml" in the users profile folder, and that although it is possible to manually clear all cookies for a session Torbutton does not forget them and in fact re-instates them next time Firefox is loaded. Therefor, not a bug in Firefox and definitely some kind of problem in Torbutton add-on. Thanks for your help :)
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Comment 3•16 years ago
|
||
(In reply to comment #2) > Ria: > > Your comment prompted me to go take a look at the profiles folder. It seems > that the latest update to Torbutton (1.2.0) is managing cookies outside of the > Firefox cookie system in a file called "cookies-nontor.xml" in the users > profile folder, and that although it is possible to manually clear all cookies > for a session Torbutton does not forget them and in fact re-instates them next > time Firefox is loaded. > > Therefor, not a bug in Firefox and definitely some kind of problem in Torbutton > add-on. > > Thanks for your help :) Thanks for looking into it and for letting us know. Have you informed the torbutton authors about this behaviour? If not, we can make sure they're aware of it - since obviously people who use the addon are more likely than most to be concerned about cookie behaviour as well.
Comment 4•16 years ago
|
||
Copying Mike Perry in on this, since he mentions in bug 248970 comment 147 that he is one of the torbutton developers. Given the email address he used though, I'm not sure he'll see this.
Comment 5•16 years ago
|
||
Filed task 810 with torbutton, linking back here: https://bugs.torproject.org/flyspray/index.php?do=details&id=810
You need to log in
before you can comment on or make changes to this bug.
Description
•