Avatar for Username

Prohledat stránky podpory

Vyhněte se podvodům. Za účelem poskytnutí podpory vás nikdy nežádáme, abyste zavolali nebo poslali SMS na nějaké telefonní číslo nebo abyste sdělili své osobní údaje. Jakékoliv podezřelé chování nám prosím nahlaste pomocí odkazu „Nahlásit zneužití“.

Learn More

Toto vlákno bylo archivováno. Pokud potřebujete pomoci, založte prosím nový dotaz.

Users do not want session cookies to be restored. We close Firefox using Task Manager and restart. We are using JSESSIONID.

mohanradhakrishnan
mohanradhakrishnan
more options

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code.

if (session.isNew()) { 

   String id = session.getId();
   String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT";
   response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate);

}

What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code. if (session.isNew()) { String id = session.getId(); String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT"; response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate); } What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

Všechny odpovědi (4)

iamjayakumars
iamjayakumars
more options

When using firefox in public places, try with Firefox Private Browsing



The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.

If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. (You'll need to be on the latest version of Firefox to submit feedback). Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Firefox stores cookies used in tabs that are currently open in the sessionstore.js file as part of saved session data, so those cookies will be restored if Firefox is closed without first closing these tabs.

You can set the browser.sessionstore.privacy_level pref to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore.

The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.

Upravil uživatel cor-el dne

mohanradhakrishnan
mohanradhakrishnan Autor dotazu
more options

The java code I posted will not solve the problem because it will expire the cookie immediately. I was trying to somehow remove the JSESSIONID cookie.

At this time I understand I can't do this without changing the login architecture because I can't ask users to change their browser settings.

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Can the users per persuaded to log out? Once they log out and you invalidate the session on the server, it doesn't matter who has the old cookie since it can't be used to authenticate any more.