775039 - Active logins are not cleared when clearing private data

Status: VERIFIED FIXED

(Firefox for Android Graveyard :: General, defect)

Description

[Adrian Tamas (:AdrianT)]

Nightly 17.0a1 2012-07-17/ Firefox Mobile 15.0b1
Device: HTC Desire (Android 2.2)/Samsung Galaxy S2 (Android 2.3.4)

Steps to reproduce:
1. Go to bugzilla.mozilla.org.
2. Login with a valid account/persona id.
3. Clear private data.
4. Go back and reload the page.

Expected results:
The user is logged out.

Actual results:
The user is still logged in after clearing the private data.

Comment 1

[Brian Nicholson (:bnicholson)]

"Active logins" apparently only clears HTTP session tokens. Many sites, however, use cookies for sessions. It does work for me if I choose "Cookies" instead of "Active logins".

I think it would make sense to merge the two.

Comment 2

[Brian Nicholson (:bnicholson)]

Attachment: Combine clearing cookies and active logins

Merges cookies and active logins into a single pref.

Comment 3

[Brian Nicholson (:bnicholson)]

Attachment: Combine clearing cookies and active logins, v2

I also threw geolocation into here since we weren't clearing that anywhere.

Comment 4

[Mark Finkle (:mfinkle) (use needinfo?)]

Comment on attachment 643673 [details] [diff] [review]
Combine clearing cookies and active logins, v2

I think geolocation should be in "site settings" right? We clear geolocation for a single site via the "Clear Site Settings" menu.

I am liking my "switch block" idea more and more :)

r- to nail down the geolocation grouping. We also need UX buy in for logins + cookies grouping.

Comment 5

[Andreea Pod]

Active logins are not cleared even if you clear your profile from Android Settings through "Clear data" button. Is this the same issue?

Comment 6

[Kevin Brosnan [Ex-Mozilla]]

Does this fix include clearing logins for http auth?

Comment 7

[Brian Nicholson (:bnicholson)]

(In reply to Kevin Brosnan [:kbrosnan] from comment #6)
> Does this fix include clearing logins for http auth?

That's what "Active logins" should do currently. This patch will clear both cookies and http auth with the same option (Cookies & active logins).

Comment 8

[Brian Nicholson (:bnicholson)]

Attachment: Combine clearing cookies and active logins, v3

Uses switch statement and moves geolocation clearing to cookies.

Comment 9

[Brian Nicholson (:bnicholson)]

(In reply to Andreea Pod from comment #5)
> Active logins are not cleared even if you clear your profile from Android
> Settings through "Clear data" button. Is this the same issue?

That would be a separate bug, though I'm confused how that would even happen. "Clear data" should blow away all data associated with the app, so you shouldn't even have your profile - much less any active logins - after clicking it. It should have the same effect as uninstall/reinstalling the app. That's something done by Android, not us.

Comment 10

[Brian Nicholson (:bnicholson)]

http://hg.mozilla.org/integration/mozilla-inbound/rev/9a676a486b5d

Comment 11

[Brian Nicholson (:bnicholson)]

Comment on attachment 643965 [details] [diff] [review]
Combine clearing cookies and active logins, v3

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 754335
User impact if declined: "active logins" terminology is confusing; users may think it should clear their logins when they really need to clear their cookies
Testing completed (on m-c, etc.): just landed m-i
Risk to taking this patch (and alternatives if risky): low
String or UUID changes made by this patch: 1 change: "Cookies" -> "Cookies & active logins"

Comment 12

[Ed Morley [:emorley]]

https://hg.mozilla.org/mozilla-central/rev/9a676a486b5d

Comment 13

[Francesco Lodolo [:flod]]

IMO this patch shouldn't have passed review for this, so please think twice before approving it for beta or aurora.

-<!ENTITY pref_private_data_cookies "Cookies">
+<!ENTITY pref_private_data_cookies "Cookies &amp; active logins">

Opened bug 776255

Comment 14

[Axel Hecht [:Pike]]

What flod said, please don't approve for aurora and beta.

Comment 15

[Andreea Pod]

(In reply to Brian Nicholson (:bnicholson) from comment #9)
> (In reply to Andreea Pod from comment #5)
> > Active logins are not cleared even if you clear your profile from Android
> > Settings through "Clear data" button. Is this the same issue?
> 
> That would be a separate bug, though I'm confused how that would even
> happen. "Clear data" should blow away all data associated with the app, so
> you shouldn't even have your profile - much less any active logins - after
> clicking it. It should have the same effect as uninstall/reinstalling the
> app. That's something done by Android, not us.

I am not able to reproduce this anymore, if I see it again I will file a bug and try to save logs.

Build: Firefox 17.0a1 (2012-07-22)
Device: LG Optimus 2X (Android 2.2.2)

Comment 16

[Alex Keybl [:akeybl]]

(In reply to Brian Nicholson (:bnicholson) from comment #11)
> String or UUID changes made by this patch: 1 change: "Cookies" -> "Cookies &
> active logins"

This string change doesn't seem necessary to me (unlike the addition in bug 775029), and would break some translations already made. Can we prepare patches for m-a/m-b without the string change?

Comment 17

[Alex Keybl [:akeybl]]

Missed the part about this combining options, as opposed to adding the clearing of active logins. Let's leave them separated for 15/16.

Comment 18

[Lukas Blakk [:lsblakk] use ?needinfo]

Untracking for 15 since we're going to leave this to ride the trains.