User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 Sessions are supposed to terminate if user closes the current browser window. For Mozilla, a session doesn't terminate unless the user closes appearently all Mozilla applications (at least the mail client). Reproducible: Always Steps to Reproduce: 1. Open your Mozilla mail client and Mozilla browser. 2. Go to a site where sessions are controlled by session-cookies (tip: session id doesn't appear in url at second load). This site (bugzilla.mozilla.org) is a good example. 3. Log in (if you don't have an account, start by creating such). 4. Close your Mozilla browser (not just the tab). 5. Open your Mozilla browser, and go back to the site, where you just logged. 6. Heureka, you're still logged in (if the server hasn't timed out your session). Actual Results: I was still logged in. Expected Results: The most optimal, security- and usability-wise, would be if the session terminates by closing the current browser tab - and nothing else (no such thing as closing all Mozilla apps)!

See bug 117222. Not sure if this counts as a dupe or not.

bug #117222 speaks only of sessions versus tabs. The main point in this bug is that (browser) sessions stay alive if the mail client is open. The tab thing would be truly sensible too.

> This site (bugzilla.mozilla.org) is a good example. this site is a bad example, because it doesn't use session cookies.

> Sessions are supposed to terminate if user closes the current browser window. No, they terminate when the user closes the current browser _instance_ (which may have multiple windows, in both Mozilla and IE). This is a duplicate of an invalid bug...

> (at least the mail client) that part might be valid. If you keep mailnews open, but close all browser windows, your cookies are still alive. The obvious workaround ofcourse is to use firefox and thunderbird.

Okay, this site is definitely a bad example, if it doesn't use session cookies. Then try another place, shouldn't be hard to find. 'The obvious workaround ofcourse is to use firefox and thunderbird'... Well, this is not really a problem for _me_ as user, but it's a security problem for anyone who uses Mozilla. And thus also a security problem for folks that create and maintain sites. And Mozilla is the front offer of the Mozilla community, whereas firefox and thunderbird is kind of nurdy aficionados stuff (or what?). So Mozilla better be right also in this aspect, to fight the bloody McGates hegemonia properly and well. Cheers!

*** This bug has been marked as a duplicate of 86174 ***

...This bug has been marked as a duplicate of 86174... I must agree. Great thing that 'wontfix'-resolution ;o). I guess that the 'insolvability' relys in the intertwined nature of the Mozilla apps. The Mozilla browser and mail client are otherwise such wonderful pieces of programming, that a few flaws is definitely acceptable. Sorry if I wasted somebody's time.