User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322) Steps to reproduce: Hi When I log in to my corporates website using SSO and then log out I'm deleting cookies from server side (java). I use the code cookie.setMaxAge(0); cookie.setValue(""); cookie.setDomain(secureCookieDomain); cookie.setPath("/"); request.getServletResponse(true).addCookie(cookie); The above domain and path is correct, and I am in the right domain when trying to delete the JSESSIONID cookie. The domain of JSESSIONID is 3 levels like department.company.com this works for other cookies and for JSESSIONID in other browsers but not in Firefox 4.01, if I try to log in again the JSESSIONID cookie is still there and has the same value as before and let me in directly, not having the chance to select certificate etc. Actual results: I get logged in again Expected results: I should have been rejected or get the chance to select a new certificate.
You need to log in before you can comment on or make changes to this bug.