Open Bug 860440 Opened 12 years ago Updated 2 years ago

[UX] Fix confusion between "Cookies" and "Active Logins" in the "Clear Recent History" (sanitize) dialog

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Type:
defect
Points:
5

Tracking

()

People

(Reporter: mbrubeck, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: uiwanted, Whiteboard: [ux])

Attachments

(2 files)

Sanitize dialog which includes SUMO link
35.72 KB, image/png
Details
Sanitize dialog with a short description of the selected item
41.98 KB, image/png
Details
The "Clear Recent History" dialog contains an option to clear "Active Logins", which means HTTP Auth sessions. Since most web sites use cookies instead of HTTP Auth for login, this is confusing and leads to unexpected behavior: Users expect they will be logged out if "Active Logins" is checked, and users expect to remain logged in if "Active Logins" is unchecked; neither works as expected. For example see bug 492455, bug 615822, and bug 686623. We could make this less confusing by combining the two checkboxes into a single "Cookies and Logins" checkbox that clears both types of data. Madhava, do you agree with this proposed change? (Downside: This might break some users' workflow who depend on this dialog to log out of HTTP Auth sites but don't want to delete all their cookies. We could preserve this ability for power users while still reducing confusion, if we changed "Active Logins" to a more specific string like "HTTP Auth Sessions" -- the obvious downside being added jargon.)
Flags: needinfo?(madhava)
This might also be improved by bug 483422.
Depends on: 483422
(In reply to Matt Brubeck (:mbrubeck) from comment #0) > We could make this less confusing by combining the two checkboxes into a > single "Cookies and Logins" checkbox that clears both types of data. The point is to give fine, line-item control over which types of data are cleared (instead of, e.g., a vague blob of a term like "private data"). Cf. default history settings in the preferences dialog. > [We could change] "Active Logins" to a more specific string like > "HTTP Auth Sessions" -- the obvious downside being added jargon.) "Cookies" is jargon itself, and it's the liklier of the two to be most relevant for most people, since HTTP auth doesn't get used much. So it's probably got an even lower impact than you'd suspect at first blush. One thing that might also be helpful is a link to a SUMO page created specifically to help with the sanitize dialog. It would only appear when the details wrapper is expanded. See the mockup.
Another way would be to include in the details wrapper a short description for each item that will change to explain the one selected. See the attached mockup.
(In reply to Colby Russell :crussell from comment #2) [...] > > [We could change] "Active Logins" to a more specific string like > > "HTTP Auth Sessions" -- the obvious downside being added jargon.) > > "Cookies" is jargon itself, and it's the liklier of the two to be most > relevant for most people, since HTTP auth doesn't get used much. So it's > probably got an even lower impact than you'd suspect at first blush. (That was a vote to change the "Active Logins" string to "HTTP Auth Sessions" or something less shiny and less likely to mislead compared to the current string.)
Component: Bookmarks & History → General
Assignee: mbrubeck → nobody
Keywords: uiwanted
It also seems to me that even with both options set, isn't working like it should. For instance: 1. Log into website (which uses cookies to store PHPSESSID for login status). 2. Ctrl-Shift-Del, and delete both cookies & active logins from the last hour. 3. Reload the webpage. I'd expect to find myself logged out. But actually, I'm still logged in as normal. (tested in Fx ESR 24.3 and 27) Also, I agree that "active logins" should be renamed "HTTP Auth Sessions" or such.
(In reply to Richard Neill from comment #5) > It also seems to me that even with both options set, isn't working like it > should. For instance: > > 1. Log into website (which uses cookies to store PHPSESSID for login status). > 2. Ctrl-Shift-Del, and delete both cookies & active logins from the last > hour. > 3. Reload the webpage. > > I'd expect to find myself logged out. But actually, I'm still logged in as > normal. > (tested in Fx ESR 24.3 and 27) I'm not an expert on this topic, but that seems very odd. Are you sure the session isn't stored in the URL (do websites still do that?) or localStorage?
Re #6: Thanks for your reply. Yes, I'm sure of this - I wrote the site in question, and it uses a single cookie to store PHPSESSID. I also can replicate the behaviour with this bugzilla. On the other hand, google-chrome does what I expect.
(In reply to Richard Neill from comment #7) > Re #6: > Thanks for your reply. Yes, I'm sure of this - I wrote the site in question, > and it uses a single cookie to store PHPSESSID. I also can replicate the > behaviour with this bugzilla. On the other hand, google-chrome does what I > expect. Thanks for checking! That behavior sounds troubling, but it is something different than this bug. Could you file a separate bug for it, ideally with a link to your test case? Thanks!
Summary: Fix confusion between "Cookies" and "Active Logins" in the "Clear Recent History" (sanitize) dialog → [UX] Fix confusion between "Cookies" and "Active Logins" in the "Clear Recent History" (sanitize) dialog
No longer blocks: fxdesktopbacklog
Flags: firefox-backlog+
Whiteboard: [ux] p=0 → [ux] p=5
Points: --- → 5
Flags: qe-verify-
Whiteboard: [ux] p=5 → [ux]
+1 to fixing this, I found it really misleading. I spent some hours trying to get Firefox to clear all logins upon close, yet keep other site preferences between using Firefox, to no avail. It was not clear to me that "Active Logins" means HTTP Auth only and there was nothing in the Help/SuMo to explain the difference either.
Flags: needinfo?(madhava)
Component: General → Preferences
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: