Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More
Asara ya

Can't log out of Mozilla Connect

jbr replied
bill369

After connecting and signing in to Mozilla Connect, it seems impossible to actually log out. There is a log out option in the dropdown menu, but it doesn't work. After "logging out", when going back to the site one is automatically logged back in. This is true even after clearing all mozilla.org cookies, and closing the browser. If a different browser is used, first time access to the Mozilla Connect site requires username/email and password, but after the first access, the alternate browser is also perpetually logged in.

1. What mechanism is being used to identify me as the user after cookies are cleared ?

2. How does this fit in with Mozilla's claims to respecting user privacy ?

3. How do a log out of the Mozilla Connect site ?

After connecting and signing in to Mozilla Connect, it seems impossible to actually log out. There is a log out option in the dropdown menu, but it doesn't work. After "logging out", when going back to the site one is automatically logged back in. This is true even after clearing all mozilla.org cookies, and closing the browser. If a different browser is used, first time access to the Mozilla Connect site requires username/email and password, but after the first access, the alternate browser is also perpetually logged in. 1. What mechanism is being used to identify me as the user after cookies are cleared ? 2. How does this fit in with Mozilla's claims to respecting user privacy ? 3. How do a log out of the Mozilla Connect site ?
Gụọ azịza a na nghọta

Asịsa Ahọpụtara

I know this might be a little overwhelming, but given the platforms don't handle logins and only keep tokens where the source of truth is the underlying identity solution, and it's a single–sign–on system with multiple federation options, and some of the federation options also keep their session on the side, based on the "severity" of the system you're logging into, whether the existing session could be trusted enough or a new re–auth is requested etc. …

… all of that is just a long way to say in what you're describing you also might need to remove any cookies and session data for (account*).firefox.com to kick you out of the last layer that still appears to keep you signed in for that same service on that same tentatively trusted device.

All Replies (8)

I couldn't reproduce this issue, so I'll ask a few questions. What method do you use to login to Mozilla Connect? (email address, Google, Github, Mozilla Accounts)

When I login to Mozilla Connect, I have to go through https://auth.mozilla.auth0.com. Does clearing cookies for auth0.com do anything?

Logged in to support.mozilla.org on Firefox, so that I can document the steps. Testing on Chromium browser on Ubuntu Linux 24.04 - Version 149.0.7827.196 (Official Build) built on Ubuntu 24.04.4 LTS (64-bit)

1. Sign out of Mozilla Connect ( connect.mozilla.org )

2. Remove all cookies (4) for auth0.com and mozilla.org (8). Note: doing this in a separate browser settings tab.

3. Close Chromium browser, then open it and go to connect.mozilla.org

4. Have not signed in yet, there are 4 cookies set for auth0.com and 8 set for mozilla.org

5. Click signin button on connect.mozilla.org, and I am logged in.

6. Remove cookies again (as in step 2, in separate tab) except without logging out. On the first tab, (connect.mozilla.org), browser pops up a notice "Reload this page to apply your updated settings on this site" with a Reload button.

7. Clicking Reload refreshes connect.mozilla.org, and I appear to be logged out because the "Sign In" button is visible.

8. Click the "Sign In" button, and I am immediately logged in without entering a username or password.

9. Starting from the Discussions home page, I tried the whole process again, and after clearing all cookies from auth0.com and mozilla.org, and clicking the Reload button, I am back at a login screen.

10. I enter my email address and select "Continue with Mozilla Accounts", and go to a second signin screen with me email address displayed, and a blue "Sign in" button". At the top of the popup, it says "Sign in. Continue to Mozilla IAM"

11. I click the "Sign in" button, no password is requested, and I am logged into connect.mozilla.org, on the Discussions home page.

NOTE: At some point when I first tried this today, I was able to get a sign in screen to appear, and had to enter my email address. I selected the "Mozilla Accounts" option, and was logged in without entering a password.

NOTE2: On Firefox, I had to enter my email address and password to get logged into support.mozilla.org. Can't test what happens if I logout there right now, since that is were I am typing.

NOTE3: I checked "Password Manager" in the browser, and it does not indicate I have any saved passwords. I also checked for stored passwords using SeaHorse (Ubuntu Password Manager), and there don't seem to be any there.

NOTE4. It may be that at some point in all the iterations above, I did not refresh the settings tab before trying to clear cookies, and that is the reason the sign in screen did not appear. However, even when the sign in screen appeared, I was never asked for a password for connect.mozilla.org, except maybe the very first time I used a particular browser after the recent OS update to version 24.04.

UPDATE: After posting the above from Firefox, I logged out of support.mozilla.org, and cleared all mozilla.org cookies. I did not find any auth0.com cookies. Reconnecting to support.mozilla.org, I was presented with a sign in screen with my email address displayed and a sign in button. Clicking the button, I was able to login to support.mozilla.org without entering a password.

I have some sites I have built that require a login. If I login there, and then logout, when I reconnect, I need to enter my username and password again, so this is not some magic happening at the browser or system level. The logout buttons on my site clear all the cookies related to the site.

Update 2: While testing today, I received 8 emails from Mozilla with 6 digit security codes. I just noticed this now, and was never required to enter the codes.

Asịsa Ahọpụtara

I know this might be a little overwhelming, but given the platforms don't handle logins and only keep tokens where the source of truth is the underlying identity solution, and it's a single–sign–on system with multiple federation options, and some of the federation options also keep their session on the side, based on the "severity" of the system you're logging into, whether the existing session could be trusted enough or a new re–auth is requested etc. …

… all of that is just a long way to say in what you're describing you also might need to remove any cookies and session data for (account*).firefox.com to kick you out of the last layer that still appears to keep you signed in for that same service on that same tentatively trusted device.

Once again frustrated by the modern world. I entered a lengthy comment, and then marked the previous answer as a solution, which erased my comment.

The gist of the lengthy comment was "What is the point of a sign out button that doesn't actually log you out of a site." It is misleading, deceptive, and probably could lead to security issues in a shared enviroment.

I also I don't understand how a cookie for firefox.com is being set, unless there is some hidden redirect to the firefox.com site as part of the login process. I only entered a url for mozilla.org, and I was able to see the redirect to auth0.com.

I guess I am kind of old-fashioned expecting that a "Sign out" button will actually log one out of a site.

Oh, and the other part of my erased comment was:

Thanks for taking the time and effort to help with this.

That's the complicated thing about single sign–on. You've successfully signed out of Connect. It can't sign you out e.g. out of Google or Apple, and for this purpose Mozilla account (fka Firefox Accounts, "FxA") however wild it sounds is just another "external" login provider — given the real authentication is provided by Auth0, and given Connect is actually also an external service, its platform pretty much doesn't even know how you're logging in, just checking if the session is valid, or it needs to ask for a refresh.

So you're signed out of Connect, you're not being remembered on Auth0 at any point, but when you click the sign in buttons you end up selecting Mozilla account ("FxA", your Mozilla identity running at accounts.firefox.com — that's where the cookie comes from) and that one's still signed in, and the service asking was allowed before and comes from the still trusted existing session, doesn't pose a threat to private data or account changes besides the platform's own surface and is not challenged for a second factor, you'll end up seeing just the screen with avatar and existing logged–in account, with confirmation to sign into that requesting service with this identity (this is the accounts.firefox.com domain if you're asking in which step it gets set).

To disallow further federated logins using FxA, you'd need to sign out of FxA explicitly, by going to the site linked above and singing out from there.

I can assure you this is totally puzzling to anyone. It's just what the service providers procured in past eventually iterated to over time. The answer to all of that basically is there's an option being explored to actually merge the Connect functionality with this Support platform, and get rid of the external system so the integrations could be tighter.

Jụọ ajụjụ

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.