Closed Bug 785752 Opened 12 years ago Closed 12 years ago

session remains open on gmail when restoring tabs


(Firefox :: Session Restore, defect)

14 Branch
Windows 7
Not set





(Reporter: pmespace-subs, Unassigned)


User Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
Build ID: 20120713134347

Steps to reproduce:

My firefox is set to never save GMAIL passwords. It should be impossible to just open the GAMIL app and get connected.
I use to open a specific web page when opening firefox but for some reasons changed to reopen the last tabs. Inside the last tabs was an opened GMAIL session.

Actual results:

When restarting firefox it restored the GMAIL session. That means the password was kept and restored even though the security settings should prevent that.

Expected results:

Though it is understandable that wanting to restore the last tabs should bring up all existing alive sessions, it is a breach when firefow should never store any password. That means it keeps cookies despite the fact it shouldn't.
What is more bothering is the fact that if the user keeps opening the same web page it doesn't happen but changing to reopen the last tabs keeps the session alive. Somebody could then simply chnage the settings and let somebody close its firefox application, restarting it might bring up existing alive sessions giving unauthorised access (at least not as expected by the prime user).
The way firefox restarts (keeping or not the tabs) has then an impact on how security settings are enforced, something which could be maliciously used to gain access to a password protected account.
Component: Untriaged → Session Restore
The password isn't kept but instead the session cookie
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.