RobertJ Reporter
	Description • 13 years ago

User-Agent:       Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0) Gecko/20100101 Firefox/4.0
Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0) Gecko/20100101 Firefox/4.0

If I go to some secure (https) site where I need to log in, then quit FF without logging out, then restart FF and then go to Restore Previous Session I end up at the last secure page I was viewing when I quit FF.

Reproducible: Always

Steps to Reproduce:
1. Go to a site like https://www.att.com/olam/dashboardAction.olamexecute
2. Log in
3. Click to some place on the site
4. Quit FF WITHOUT logging out
5. Launch FF and Restore Previous Session
6. You are still logged in and on the last page before you quit.

NOTE: This does not happen on all secure sites but on those it happens it is repeatable.


Expected Results:  
Expected to not be logged in after Restore Previous Session involving a secure site like AT&T accounts.

This happens at these I have tried

https://www.wireless.att.com/olam/dashboardAction.olamexecute
http://www.we-energies.com/ (log-in is secure)
https://www.centurylink.com/Pages/Identification/maIdentification.jsp

It DOES NOT HAPPEN at my bank or Gmail.

	RobertJ Reporter
	Comment 1 • 13 years ago

I tried this on the AT&T site using Safari and when I clicked on "Reopen all windows from last session" I ended up at the log-in page, NOT IN THE ACCOUNT.

I couldn't try this with chrome since it doesn't appear to have a session restore capability from what I see.

	RobertJ Reporter
	Comment 2 • 13 years ago

This behavior has also been reported for Ebay, PayPal and BOA

http://forums.mozillazine.org/viewtopic.php?f=38&t=2167727&p=10693805#p10693805

.

	Daniel Veditz [:dveditz]
	Comment 3 • 13 years ago

This was a conscious design decision so no need to keep the bug hidden (it was considered a win for "user convenience").

See bug 443354, bug 529899, and bug 530594