Closed Bug 669307 Opened 13 years ago Closed 5 years ago

Can't remove JSESSIONID

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
4.0 Branch
Platform:
All
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: larkvagen, Unassigned)

Details

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322)

Steps to reproduce:

Hi

When I log in to my corporates website using SSO and then log out I'm deleting cookies from server side (java).
I use the code 

cookie.setMaxAge(0);
cookie.setValue("");
cookie.setDomain(secureCookieDomain);
cookie.setPath("/");
request.getServletResponse(true).addCookie(cookie);

The above domain and path is correct, and I am in the right domain when trying to delete the JSESSIONID cookie. The domain of JSESSIONID is 3 levels like department.company.com

this works for other cookies and for JSESSIONID in other browsers but not in Firefox 4.01, if I try to log in again the JSESSIONID cookie is still there and has the same value as before and let me in directly, not having the chance to select certificate etc.


Actual results:

I get logged in again


Expected results:

I should have been rejected or get the chance to select a new certificate.

Unfortunately we never diagnosed this at the time it was filed and much has changed since then. If it is still an issue in the latest Firefox, please feel free to re-open and update us on the status.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.