X
Tap here to go to the mobile version of the site.

Support Forum

Server-side override of the setting "Restore previous session"

Posted

For some websites with sensitive content it is very annoying that it is possible in firefox to restore the previous sessions after firefox crashes.

The default-setting for this firefox-feature in about:config and then browser.sessionstore.resume_from_crash is true.

This can cause a security break when a user log into a website with sensitive content and then firefox crashes and the user leave the pc. If then an other user starts firefox again on this pc firefox will aks if he want to restore the previous sessions. When this other user click "restore the previous sessions" he will have the authorized session of this website with sensitive content of the first user!

=> So the question is if there is a possibility to override the firefox-setting "Restore previous session" on the server side.

For some websites with sensitive content it is very annoying that it is possible in firefox to restore the previous sessions after firefox crashes. The default-setting for this firefox-feature in about:config and then browser.sessionstore.resume_from_crash is true. This can cause a security break when a user log into a website with sensitive content and then firefox crashes and the user leave the pc. If then an other user starts firefox again on this pc firefox will aks if he want to restore the previous sessions. When this other user click "restore the previous sessions" he will have the authorized session of this website with sensitive content of the first user! => So the question is if there is a possibility to override the firefox-setting "Restore previous session" on the server side.

Additional System Details

Installed Plug-ins

  • Adobe Shockwave for Director Netscape plug-in, version 11.6.7.637
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.4
  • 5.1.10411.0
  • Citrix Receiver Plugin (Win32)
  • Shockwave Flash 10.2 r152
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.0; rv:10.0.9) Gecko/20100101 Firefox/10.0.9

More Information

Michael Verdi
  • Administrator
  • Moderator
128 solutions 852 answers

This blog post might be of help http://mike.kaply.com/2012/03/15/customizing-firefox-default-preference-files/

If not, the best place to get an answer for that kind of thing is in the Enterprise Working Group Mailing List.

This blog post might be of help http://mike.kaply.com/2012/03/15/customizing-firefox-default-preference-files/ If not, the best place to get an answer for that kind of thing is in the [https://mail.mozilla.org/listinfo/enterprise Enterprise Working Group Mailing List].
cor-el
  • Top 10 Contributor
  • Moderator
13061 solutions 119628 answers

Note that Firefox 10.0.9 is an older Firefox ESR version (the last in ESR 10.0.12) and has been replaced by Firefox 17 ESR.


You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.

Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg.

pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0); // use this to disable the byte-shift

See:

These functions can be used in the mozilla.cfg file:

defaultPref();  // set new default value
pref();         // set pref, but allow changes in current session
lockPref();     // lock pref, disallow changes
Note that Firefox 10.0.9 is an older Firefox ESR version (the last in ESR 10.0.12) and has been replaced by Firefox 17 ESR. *http://www.mozilla.org/en-US/firefox/organizations/all.html *http://www.mozilla.org/en-US/firefox/17.0.3/releasenotes/ *http://www.mozilla.org/en-US/firefox/17.0.3/system-requirements/ ----- You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values. Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg. pref("general.config.filename", "mozilla.cfg"); pref("general.config.obscure_value", 0); // use this to disable the byte-shift See: *http://kb.mozillazine.org/Locking_preferences These functions can be used in the mozilla.cfg file: defaultPref(); // set new default value pref(); // set pref, but allow changes in current session lockPref(); // lock pref, disallow changes