can you please try Clearing your Cache and History once again

To clear both automatically when closing Firefox, go to Options > Privacy set "Firefox will: Use custom settings for history", next, check "Clear history when Firefox closes", click "Setting" to the right of that and check off items you want to clear when Firefox closes. Be careful with what you select as the deleted items can not be recovered.

https://support.mozilla.org/en-US/kb/how-clear-firefox-cache

Firefox has its own cache and you can see the current cache usage on the about:cache page. You can open built-in about: pages via the location bar like you open a web page.

Firefox/Tools > Options > Advanced > Network > Cached Web Content

everything you described has already been set, but i verified the same again to double-check. there is no change. still getting cached creds almost across the board. i have the following settings in place

1. the browser is running in private mode, which is advertised to save nothing
2. never remember history (i mean for everything to be gone when i exit)
3. location bar suggests nothing
4. the history and cache have been manually cleared
5. max cache override 0 mb (from 350 mb)
6. cache confirmed cleared/reset after browser restart
7. remember site passwords grayed and unchecked
8. use master password unchecked

i have also verified that the experience does not manifest in chrome

Just a note about cookies: some cookie-based logins that normally expire at the end of a session may remain "live" if Firefox resumes/restores your earlier session.

You can set the browser.sessionstore.privacy_level pref to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore.

The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.

• http://kb.mozillazine.org/browser.sessionstore.privacy_level

• http://kb.mozillazine.org/about:config

There is a way to modify the session restore feature to dump the cookies. This is linked to other form data.

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box that appears above the list, type or paste sess and pause while the list is filtered

(3) Double-click the following preferences and set them to the desired value for private data (site cookies, form data, POST data, and scrollbar position on the page):

(A) browser.sessionstore.privacy_level - applies to resuming your session automatically (e.g., after updating) or if you set Firefox start up to "Show my windows and tabs from last time"

• Save/restore for both HTTP and HTTPS sites => 0 (default)
• Save/restore for HTTP sites only => 1
• Do not save/restore for any sites => 2

(B) browser.sessionstore.privacy_level_deferred - applies to ad hoc session restore from the user interface (i.e., any time you are not automatically restoring your previous session)

• Save/restore for both HTTP and HTTPS sites => 0
• Save/restore for HTTP sites only => 1 (default)
• Do not save/restore for any sites => 2

starting to look buggy. In addition to the settings that you mentioned, I have modified the following settings. None are making a difference.

https://support.mozilla.org/en-US/questions/889884 https://support.mozilla.org/en-US/questions/976058 http://kb.mozillazine.org/Signon.prefillForms

services.sync.prefs.sync.signon.rememberSignons - false

signon.autofillForms - false

signon.autologin.proxy - false

signon.debug - false

signon.rememberSignons - false

signon.useDOMFormHasPassword - false

browser.sessionhistory.max_entries - 2

dom.storage.enabled - false

dom.storage.default_quota - 0

Thanks for your help thus far.

The latest update. I have twice reinstalled firefox trying to find a resolution. On the most recent reinstall, I deleted the profile folder. That cleared the listing of whatever was being remembered, but as soon as I logged into a site (after setting up all the "discard, do not remember" settings), the browser cached it. As in the original issue, the location of the cache is somewhere out in the undocumented ether.

For clarification, the concern here is that if the browser is holding my website login credentials in some undisclosed location that I cannot get to and clear, then it exposes every site that I access to unauthorized access merely by stealing the computer/laptop and breaking the password (or even easier, trojaning the system and taking over the desktop). This would expose any online bank accounts to fraudulent activity and possible funds and identity theft. It would expose e-mail and social media accounts to possible impersonation and other such mischief, possibly damaging personal reputation.

I personally don't see how such a setting as caching login credentials is useful in a browser that has built a reputation on privacy, but until there is a fix, I won't be able to use or recommend Firefox.

It is possible that the cookies.sqlite file that stores the cookies is corrupted if clearing cookies doesn't work.

Rename (or delete) cookies.sqlite (cookies.sqlite.old) and delete other present cookies files like cookies.sqlite-journal in the Firefox profile folder in case the file cookies.sqlite got corrupted.

It is possible that Firefox isn't running in PB mode for some reason despite the setting as extensions can block this.

Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).

• Do NOT click the Reset button on the Safe Mode start window.

• https://support.mozilla.org/kb/Safe+Mode
• https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

thanks for all the help. after more digging and cross browser testing, i was able to identify the trouble.

some link about protecting child privacy online recommended MASKME as a way to create dummy e-mail accounts for spam me websites. turns out, maskme is a password manager which also watches your web logins and sucks up your credentials for later population.

several hours and several reset passwords later, all better.

thanks again