Private browsing uses form auto-fill data from non-private sessions

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
6 years ago
4 years ago

People

(Reporter: st3fan, Unassigned)

Tracking

Trunk
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
I understand this can be a design decision as currently implemented. It is however not consistent with how we deal with sharing cookies and (local/indexeddb) storage between normal and private mode.

STR:

1) Clean your Firefox data
2) Go to some site that has form-based login
3) Login to the site and when Firefox asks to remember the password, do so

4) Open a Private Browsing tab
5) Go to the same site
6) Start typing your username

Expected:

Firefox does not know about / suggest the login info.

Actual:

The login form is auto-filled with the data from the non-private session
(In reply to Stefan Arentz [:st3fan] from comment #0)
> I understand this can be a design decision as currently implemented. It is
> however not consistent with how we deal with sharing cookies and
> (local/indexeddb) storage between normal and private mode.

One difference is that sites can access your cookies and local storage, but they can't access your auto-fill data until it's actually in the form.

Also, I can reproduce this in desktop Firefox, so should this be filed in a more generic product?
(In reply to Stefan Arentz [:st3fan] from comment #0)

> 1) Clean your Firefox data
> 2) Go to some site that has form-based login
> 3) Login to the site and when Firefox asks to remember the password, do so
> 
> 4) Open a Private Browsing tab
> 5) Go to the same site
> 6) Start typing your username
> 
> Expected:
> 
> Firefox does not know about / suggest the login info.
> 
> Actual:
> 
> The login form is auto-filled with the data from the non-private session

This seems backwards to me.

I would expect Firefox to know about login data saved in a non-private session. Same way Firefox knows about cookies and history saved during non-private sessions.

I would expect Firefox to NOT save login data entered in a private session.

Comment 3

6 years ago
What Mark describes is how desktop PB mode operates, and how I would expect mobile to act as well.
(Reporter)

Comment 4

6 years ago
I must admit that I have never used the Firefox Desktop private mode. I usually start Chrome, which has the behaviour that I described.

(That will change when the new per-window PB code lands of course! :-)

Comment 5

6 years ago
(In reply to comment #2)
> This seems backwards to me.
> 
> I would expect Firefox to know about login data saved in a non-private session.
> Same way Firefox knows about cookies and history saved during non-private
> sessions.
> 
> I would expect Firefox to NOT save login data entered in a private session.

Correct.  Furthermore, Firefox desktop would not autofill your login information in private tabs, in order to discourage accidental usage of that information to login in private tabs, but they should still be available in the autocomplete menu.  The behavior here seems to match that of the the desktop builds, which is what I would like it to be.

Comment 6

6 years ago
(In reply to comment #4)
> I must admit that I have never used the Firefox Desktop private mode. I usually
> start Chrome, which has the behaviour that I described.

FWIW, please do compare the behavior of Firefox desktop in the future with that of mobile.  Chrome's implementation is a bit more lenient in some cases IIRC, and we don't necessary want to follow their ideas where they don't make sense.
Seems like things are working as intended
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX

Updated

4 years ago
Duplicate of this bug: 864137
You need to log in before you can comment on or make changes to this bug.