Closed
Bug 253546
Opened 20 years ago
Closed 20 years ago
Sessions (controlled by session-cookies) don't terminate unless all Mozilla apps are closed.
Categories
(Core :: Networking: Cookies, enhancement)
Tracking
()
People
(Reporter: jacobfri, Assigned: darin.moz)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113
Sessions are supposed to terminate if user closes the current browser window.
For Mozilla, a session doesn't terminate unless the user closes appearently all
Mozilla applications (at least the mail client).
Reproducible: Always
Steps to Reproduce:
1. Open your Mozilla mail client and Mozilla browser.
2. Go to a site where sessions are controlled by session-cookies (tip: session
id doesn't appear in url at second load). This site (bugzilla.mozilla.org) is a
good example.
3. Log in (if you don't have an account, start by creating such).
4. Close your Mozilla browser (not just the tab).
5. Open your Mozilla browser, and go back to the site, where you just logged.
6. Heureka, you're still logged in (if the server hasn't timed out your session).
Actual Results:
I was still logged in.
Expected Results:
The most optimal, security- and usability-wise, would be if the session
terminates by closing the current browser tab - and nothing else (no such thing
as closing all Mozilla apps)!
Comment 1•20 years ago
|
||
See bug 117222. Not sure if this counts as a dupe or not.
bug #117222 speaks only of sessions versus tabs.
The main point in this bug is that (browser) sessions stay alive if the mail
client is open.
The tab thing would be truly sensible too.
Comment 3•20 years ago
|
||
> This site (bugzilla.mozilla.org) is a good example.
this site is a bad example, because it doesn't use session cookies.
Comment 4•20 years ago
|
||
> Sessions are supposed to terminate if user closes the current browser window.
No, they terminate when the user closes the current browser _instance_ (which
may have multiple windows, in both Mozilla and IE).
This is a duplicate of an invalid bug...
Assignee: dveditz → darin
Component: Security: General → Networking: Cookies
QA Contact: core.networking.cookies
Whiteboard: DUPEME
Comment 5•20 years ago
|
||
> (at least the mail client)
that part might be valid. If you keep mailnews open, but close all browser
windows, your cookies are still alive.
The obvious workaround ofcourse is to use firefox and thunderbird.
Okay, this site is definitely a bad example, if it doesn't use session cookies.
Then try another place, shouldn't be hard to find.
'The obvious workaround ofcourse is to use firefox and thunderbird'...
Well, this is not really a problem for _me_ as user, but it's a security problem
for anyone who uses Mozilla. And thus also a security problem for folks that
create and maintain sites.
And Mozilla is the front offer of the Mozilla community, whereas firefox and
thunderbird is kind of nurdy aficionados stuff (or what?).
So Mozilla better be right also in this aspect, to fight the bloody McGates
hegemonia properly and well.
Cheers!
Comment 7•20 years ago
|
||
*** This bug has been marked as a duplicate of 86174 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
...This bug has been marked as a duplicate of 86174...
I must agree. Great thing that 'wontfix'-resolution ;o).
I guess that the 'insolvability' relys in the intertwined nature of the Mozilla
apps. The Mozilla browser and mail client are otherwise such wonderful pieces of
programming, that a few flaws is definitely acceptable.
Sorry if I wasted somebody's time.
You need to log in
before you can comment on or make changes to this bug.
Description
•