Closed Bug 820662 Opened 12 years ago Closed 12 years ago

Private browsing uses form auto-fill data from non-private sessions

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: st3fan, Unassigned)

References

Details

I understand this can be a design decision as currently implemented. It is however not consistent with how we deal with sharing cookies and (local/indexeddb) storage between normal and private mode. STR: 1) Clean your Firefox data 2) Go to some site that has form-based login 3) Login to the site and when Firefox asks to remember the password, do so 4) Open a Private Browsing tab 5) Go to the same site 6) Start typing your username Expected: Firefox does not know about / suggest the login info. Actual: The login form is auto-filled with the data from the non-private session
(In reply to Stefan Arentz [:st3fan] from comment #0) > I understand this can be a design decision as currently implemented. It is > however not consistent with how we deal with sharing cookies and > (local/indexeddb) storage between normal and private mode. One difference is that sites can access your cookies and local storage, but they can't access your auto-fill data until it's actually in the form. Also, I can reproduce this in desktop Firefox, so should this be filed in a more generic product?
(In reply to Stefan Arentz [:st3fan] from comment #0) > 1) Clean your Firefox data > 2) Go to some site that has form-based login > 3) Login to the site and when Firefox asks to remember the password, do so > > 4) Open a Private Browsing tab > 5) Go to the same site > 6) Start typing your username > > Expected: > > Firefox does not know about / suggest the login info. > > Actual: > > The login form is auto-filled with the data from the non-private session This seems backwards to me. I would expect Firefox to know about login data saved in a non-private session. Same way Firefox knows about cookies and history saved during non-private sessions. I would expect Firefox to NOT save login data entered in a private session.
What Mark describes is how desktop PB mode operates, and how I would expect mobile to act as well.
I must admit that I have never used the Firefox Desktop private mode. I usually start Chrome, which has the behaviour that I described. (That will change when the new per-window PB code lands of course! :-)
(In reply to comment #2) > This seems backwards to me. > > I would expect Firefox to know about login data saved in a non-private session. > Same way Firefox knows about cookies and history saved during non-private > sessions. > > I would expect Firefox to NOT save login data entered in a private session. Correct. Furthermore, Firefox desktop would not autofill your login information in private tabs, in order to discourage accidental usage of that information to login in private tabs, but they should still be available in the autocomplete menu. The behavior here seems to match that of the the desktop builds, which is what I would like it to be.
(In reply to comment #4) > I must admit that I have never used the Firefox Desktop private mode. I usually > start Chrome, which has the behaviour that I described. FWIW, please do compare the behavior of Firefox desktop in the future with that of mobile. Chrome's implementation is a bit more lenient in some cases IIRC, and we don't necessary want to follow their ideas where they don't make sense.
Seems like things are working as intended
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.