Server-side override of the setting "Restore previous session"
For some websites with sensitive content it is very annoying that it is possible in firefox to restore the previous sessions after firefox crashes.
The default-setting for this firefox-feature in about:config and then browser.sessionstore.resume_from_crash is true.
This can cause a security break when a user log into a website with sensitive content and then firefox crashes and the user leave the pc. If then an other user starts firefox again on this pc firefox will aks if he want to restore the previous sessions. When this other user click "restore the previous sessions" he will have the authorized session of this website with sensitive content of the first user!
=> So the question is if there is a possibility to override the firefox-setting "Restore previous session" on the server side.
Additional System Details
- Adobe Shockwave for Director Netscape plug-in, version 18.104.22.1687
- Adobe PDF Plug-In For Firefox and Netscape 10.1.4
- Citrix Receiver Plugin (Win32)
- Shockwave Flash 10.2 r152
- Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
- User Agent: Mozilla/5.0 (Windows NT 6.0; rv:10.0.9) Gecko/20100101 Firefox/10.0.9
This blog post might be of help http://mike.kaply.com/2012/03/15/customizing-firefox-default-preference-files/
If not, the best place to get an answer for that kind of thing is in the Enterprise Working Group Mailing List.
Note that Firefox 10.0.9 is an older Firefox ESR version (the last in ESR 10.0.12) and has been replaced by Firefox 17 ESR.
You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.
Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg.
pref("general.config.filename", "mozilla.cfg"); pref("general.config.obscure_value", 0); // use this to disable the byte-shift
These functions can be used in the mozilla.cfg file:
defaultPref(); // set new default value pref(); // set pref, but allow changes in current session lockPref(); // lock pref, disallow changes