Negotiate auth performed while using private mode browsing




9 years ago
4 years ago


(Reporter: ulli.brennenstuhl, Assigned: mayhemer)


3.6 Branch

Firefox Tracking Flags

(Not tracked)




9 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; de; rv: Gecko/20100625 Firefox/3.6.6
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100625 Firefox/3.6.6

While debugging a problem with a single-sign-on system I switched to private mode to test a case when no cookie is present and without kerberos negotiate auth, but negotiate auth still sent the credentials. This isn't a very common scenario, but I still think in private browsing mode negotiate auth should not sent credentials.

Reproducible: Always

Steps to Reproduce:
1. Go to a webpage the browser is configured to perform auth via negotiate auth to see if it is generally working
2. Switch on private mode
3. Go to the same webpage, is still working but shouldn't

Expected Results:  
Authenticated with negotiate auth

No authentication credentials should be sent


9 years ago
Version: unspecified → 3.6 Branch
Reporter, can you still reproduce this bug in Firefox 6?

Please update to Firefox 6 or later, update your plugins, and retest in a new profile. If you still see the issue with the updated version of Firefox, please post here. Otherwise, please close as RESOLVED > WORKSFORME.

Comment 2

8 years ago
The issue is still present. I am running openSuse 11.4 using MozillaFirefox 6.0-2.1 x86_64 from the openSuse Buildservice

Comment 3

4 years ago

this issue is still open to me using Firefox 35.0.1 on Windows 7 x64 as well as Windows 8.1 x64.

I really think, Negotiate/Kerberos Credentials shouldn't be sent in Private Mode.
Component: General → Private Browsing

Comment 4

4 years ago
This is weird.  If the credentials cache it's not properly isolated, then we really have a bug.  I can take a look.
Assignee: nobody → honzab.moz

Comment 5

4 years ago
This is INVALID.  Cannot reproduce and confirmed that we correctly isolate private auth cache from the regular one.

I think you missmatched windows.

If you have another steps to reproduce (probably more needs to be done) then please provide them and reopen this bug.
Last Resolved: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.