Restore session saves login token
When I close Firefox and open it again I am no longer logged into my Google account as is normal (I ask that my login information not be saved). However if I use the restore previous session option then I am logged back into my Google accounts. Why is the login token not expired on closing, and is still valid after restoring a previous session?
This happens even when disabling all add-ons.
Valittu ratkaisu
Firefox stores cookies used in tabs that are currently open in the sessionstore.js file as part of saved session data, so those cookies will be restored if Firefox is closed without first closing these tabs.
You can set browser.sessionstore.privacy_level to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore in the sessionstore.js file. The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.
You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.
Lue tämä vastaus kontekstissaan 👍 2Kaikki vastaukset (7)
Where you logged in during that previous session?
Yes, when closing each session I am logged into Google. I have my Google settings set to not save login information. And when I launch FF again I am indeed not logged in. However if I restore my previous session it restores my login.
Belliger said
if I restore my previous session it restores my login.
That's because you were logged in.
So you don't think this is a security issue?
Because this is something new. I have always used the restore previous session feature, and until recently I have needed to log back into any account I did not have set to save my login information.
There is no real security issue. Only your computer has the session restore, and to use your computer account, one needs the password.
Valittu ratkaisu
Firefox stores cookies used in tabs that are currently open in the sessionstore.js file as part of saved session data, so those cookies will be restored if Firefox is closed without first closing these tabs.
You can set browser.sessionstore.privacy_level to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore in the sessionstore.js file. The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.
You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.
Thank you cor-el! Both for explaining why Firefox was acting the way it was and for the solution. This perfectly solved my issue.