Closed Bug 1710528 Opened 4 years ago Closed 2 years ago

'Clear Data' button to clear Cookies and Site Data leaves user signed in to gmail on Firefox 88 on Ubuntu 18.04.5 LTS

Categories

(Toolkit :: Data Sanitization, defect, P3)

Firefox 88
Desktop
Linux
defect

RESOLVED INCOMPLETE

People

(Reporter: mharpes1, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0

Steps to reproduce:

A non-Google site offers 'log in with google' rather than creating a new site-specific account. I use this option and supply my Google credentials. If I (or anyone else) subsequently open gmail in a different tab, they get straight through to my gmail inbox without supplying credentials. To avoid this undesirable behaviour, after supplying my Google credentials I go to Preferences -> Privacy & Security -> Cookies and Site Data -> Clear Data. When this is complete, Firefox informs me that 'Your stored cookies, site data, and cache are currently using 0 bytes of disk space.'
I then open a new tab and go to www.gmail.com.

Actual results:

I get straight into my inbox without having to provide any credentials.

Expected results:

Firefox should have erased my google credentials and I should not be able to access my gmail inbox without providing the credentials again.
Firefox is clearly still storing these credentials and is misleading the user by erroneously reporting that it is using 0 bytes of disk space.

This isn't really exploitable by attackers, so I don't think keeping it security-sensitive is useful, but I'll leave this non-security confidential for now and leave final judgement for Johann.

Group: firefox-core-security → mozilla-employee-confidential
Component: Untriaged → Data Sanitization
Flags: needinfo?(jhofmann)
Product: Firefox → Toolkit
OS: Unspecified → Linux
Hardware: Unspecified → Desktop
Summary: 'Clear Data' button to clear Cookies and Site Data does not work in Firefox 88 on Ubuntu 18.04.5 LTS → 'Clear Data' button to clear Cookies and Site Data leaves user signed in to gmail on Firefox 88 on Ubuntu 18.04.5 LTS

Hm, a few questions (in descending order of importance):

  • Did you close all open tabs before clearing data? If not, can you try that?
  • If you reload about:preferences after clearing data, does it still say 0 bytes? What does the site data manager ("Manage Data..." button) show?
  • Can you attach a copy of your about:support data?
  • Is this a recent regression, i.e. was there a point in the past when it worked fine?

Thanks!

un-confidentialing this bug, as we don't usually keep those hidden. Data sanitization, like every feature, has bugs and it's more helpful to have broader visibility on them.

Blocks: 1550317
Group: mozilla-employee-confidential
Flags: needinfo?(jhofmann) → needinfo?(mharpes1)
Attached file about_support.txt (deleted)
Flags: needinfo?(mharpes1)

Hi Johann,

> Did you close all open tabs before clearing data? If not, can you try that?

I have tried just now:

  1. Open Firefox, open preferences tab and clear data => 'Your stored cookies, site data, and cache are currently using 0 bytes of disk space'

  2. Open gmail tab and log in, close gmail tab

  3. Refresh preferences tab, interestingly at this point it reads 'Your stored cookies, site data, and cache are currently using 0 bytes of disk space'

  4. Press 'Clear data' button, it reads 'Your stored cookies, site data, and cache are currently using 0 bytes of disk space'

  5. Refresh preferences tab, it reads 'Your stored cookies, site data, and cache are currently using 0 bytes of disk space'

  6. Open new gmail tab, it goes straight to my inbox without supplying credentials, which leads me to conclude the above messages about 0 bytes of disk space can not be accurate.

> If you reload about:preferences after clearing data, does it still say 0 bytes? What does the site data manager ("Manage Data..." button) show?
The 'Manage Data' button opens a window showing no sites, again implying that there is no stored information but if I open gmail in a fresh tab I get straight into my inbox.

> Can you attach a copy of your about:support data?
Done

> Is this a recent regression, i.e. was there a point in the past when it worked fine?
I have not noticed it before but it may always have been like this.

Severity: -- → S3
Priority: -- → P3

From your about:support data I can see that you're running permanent private browsing mode (= never remember history). This means we don't store the google site data persistently, and you should be logged out once you restart your browser. Could you please confirm this behavior?

It may still be desirable to clear site data mid-session, so I'm leaving this bug open.

Flags: needinfo?(mharpes1)

Clear a needinfo that is pending on an inactive user.

Inactive users most likely will not respond; if the missing information is essential and cannot be collected another way, the bug maybe should be closed as INCOMPLETE.

For more information, please visit auto_nag documentation.

Flags: needinfo?(mharpes1)
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE