Firefox does not clear all session cookies when force quit
After I've logged on a site ( a bank ) with firefox 33.0, I have some session cookies stored (from the login). I open up the Windows task manager, force quit the prosess, reopen firefox and go to the same page I hit after I logged in with the bank, and I am still logged in, due to some of the session cookies are still present ( not all ).
If I close firefox the "correct" way via "X" in the top right corner, this is not reproduced. This is not reproduced in other browsers (IE, Chrome)
Probably related: https://support.mozilla.org/en-US/questions/1003856?esab=a&as=aaq
Todas as respostas (5)
If you have Firefox set to clear cookies upon closing, you need to close Firefox properly, by using Exit rather than just killing the firefox.exe process. Firefox does need some time to close all the files that are open when Firefox is running AND to clear the data you have selected to be cleared during the closing process.
The thing is, that this method (kill process) always removes specific session cookies, and always leaves specific session cookies behind.
My firefox ( is a default set up at my company ) is set to: "Keep cookies until they expire"/not a custom setup/ "Firefox will: remember history"
Modificado por phun-ky a
Are these settings locked by the company?
If you are worried about your security, the cookies are stored in your user profile. The other would need to access the computer as you.
Go to the Mozilla Add-ons Web Page {web link} (There’s a lot of good stuff here) and search for what you want.
There are many cookie related add-ons.
The sessionstore.js file that stores session data includes cookies from open tabs, so if tabs are restored and you haven't logged out then you may still be logged on unless the session has expired via other ways.
You can set the browser.sessionstore.privacy_level pref to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore in the sessionstore.js file. The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.
Settings are not locked, and yes I can install addons, but that's just to circumvent the original issue here.
I know you are all eager to help, but this issue is not related to any settings or addons according to our research.
To ellaborate:
- Cookie A is a cookie that will expire when session ends, and it's httpOnly + secure, set to domain x.domain.com
- Cookie B is a coockie that will expire when session ends, and it's NOT set to httpOnly and secure, set to domain *.domain.com
When we force quit firefox, Cookie B is deleted, but not Cookie A. This behaviour can not be reproduced in IE or Chrome