Closed
Bug 650298
Opened 13 years ago
Closed 13 years ago
Restore Previous Session returns to secured page without logging in
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 530594
People
(Reporter: rvjanc, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0) Gecko/20100101 Firefox/4.0 Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0) Gecko/20100101 Firefox/4.0 If I go to some secure (https) site where I need to log in, then quit FF without logging out, then restart FF and then go to Restore Previous Session I end up at the last secure page I was viewing when I quit FF. Reproducible: Always Steps to Reproduce: 1. Go to a site like https://www.att.com/olam/dashboardAction.olamexecute 2. Log in 3. Click to some place on the site 4. Quit FF WITHOUT logging out 5. Launch FF and Restore Previous Session 6. You are still logged in and on the last page before you quit. NOTE: This does not happen on all secure sites but on those it happens it is repeatable. Expected Results: Expected to not be logged in after Restore Previous Session involving a secure site like AT&T accounts. This happens at these I have tried https://www.wireless.att.com/olam/dashboardAction.olamexecute http://www.we-energies.com/ (log-in is secure) https://www.centurylink.com/Pages/Identification/maIdentification.jsp It DOES NOT HAPPEN at my bank or Gmail.
I tried this on the AT&T site using Safari and when I clicked on "Reopen all windows from last session" I ended up at the log-in page, NOT IN THE ACCOUNT. I couldn't try this with chrome since it doesn't appear to have a session restore capability from what I see.
This behavior has also been reported for Ebay, PayPal and BOA http://forums.mozillazine.org/viewtopic.php?f=38&t=2167727&p=10693805#p10693805 .
Comment 3•13 years ago
|
||
This was a conscious design decision so no need to keep the bug hidden (it was considered a win for "user convenience"). See bug 443354, bug 529899, and bug 530594
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•