Server-side override of the setting "Restore previous session"
For some websites with sensitive content it is very annoying that it is possible in firefox to restore the previous sessions after firefox crashes.
The default-setting for this firefox-feature in about:config and then browser.sessionstore.resume_from_crash is true.
This can cause a security break when a user log into a website with sensitive content and then firefox crashes and the user leave the pc. If then an other user starts firefox again on this pc firefox will aks if he want to restore the previous sessions. When this other user click "restore the previous sessions" he will have the authorized session of this website with sensitive content of the first user!
=> So the question is if there is a possibility to override the firefox-setting "Restore previous session" on the server side.
All Replies (2)
This blog post might be of help http://mike.kaply.com/2012/03/15/customizing-firefox-default-preference-files/
If not, the best place to get an answer for that kind of thing is in the Enterprise Working Group Mailing List.
Note that Firefox 10.0.9 is an older Firefox ESR version (the last in ESR 10.0.12) and has been replaced by Firefox 17 ESR.
- http://www.mozilla.org/en-US/firefox/17.0.3/releasenotes/
- http://www.mozilla.org/en-US/firefox/17.0.3/system-requirements/
You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.
Place a file local-settings.js in the defaults\pref folder where you also find the file channel-prefs.js to specify using mozilla.cfg.
pref("general.config.filename", "mozilla.cfg"); pref("general.config.obscure_value", 0); // use this to disable the byte-shift
See:
These functions can be used in the mozilla.cfg file:
defaultPref(); // set new default value pref(); // set pref, but allow changes in current session lockPref(); // lock pref, disallow changes