Why doesn't Firefox for Mobile log me out of Amazon when I exit Firefox?
When I start a fresh browsing session using Firefox for Windows, and I go to Amazon's site, I am NOT logged in.
But when I start a fresh browsing session using Firefox Mobile for Android, I find I am already logged in. I have set Firefox to clear data on exit (Settings/Privacy/Clear Private Data/Clear on Exit).
This is a security issue. If I lost my phone, someone could easily order products under my name. Is this is a bug or am I missing some setting?
All Replies (10)
On Firefox for Android, when you enable clear data on exit, a Quit item is added to the menu. You might need to use Quit to trigger the clearing; I'm not sure other methods of exiting Firefox will do it. Does Quit work for you?
Thank you very much for your prompt reply. Unfortunately, clicking on "Quit" does not solve the problem. I have also just noticed that my browsing history is saved, unlike in Firefox for Windows, where I have set it to delete browsing history when I exit Firefox.
If you return to the privacy settings and tap clear data on exit, Firefox should display a list of checkboxes for what exactly to clear at exit. Can you confirm that cookies are selected and, if you want to clear history, also history?
Again, I thank you for your assistance.
I checked and then unchecked the "Clear on Exit" box to make it bring up the options. Every single box is checked.
Hmm, I don't know whether you have ever gone into Android developer settings. There is one called "Don't keep activities" that can block Firefox from clearing private data.
If that's not it, a user with a similar problem fixed it by removing and reinstalling Firefox for Android: Privacy data not cleared on exit. But if you have local bookmarks you want to save, that's a hassle.
Okay, I have discovered the source of the problem, but I must admit I am not happy with Mozilla.
If I exit Firefox by clicking the "Quit" button, when I start a fresh session, I am NOT automatically logged in to Amazon, and my history tab is blank.
But if I use the button on the bottom of my phone to exit the browser (including swiping the image of the broser to the right), that action apparently does NOT count as "exiting" the browser.
I know what to do now, but I certainly would not regard this solution as intuitive. I would prefer that however I exit the browser, it enforces my privacy settings.
Thank you very much for your assistance.
When I was looking through the settings, I noticed that item did mention having to use the Quit button.
I don't know why it was designed this way.
Could you test this, it seemed to work with one test page I tried, but I'm curious whether it works with Amazon.
- "Quit" Firefox to clear cookies
- Open Firefox and load the internal about:config page (type or paste about:config in the address bar and tap the go arrow); you might want to bookmark this page
- In the search blank, type cook to filter the list, then scroll down to network.cookie.lifetimePolicy
- Tap the value to enable the controls and tap the up caret to change the value to 2 (equivalent to "Keep until: I close Firefox" on desktop), then tap away and make sure the setting doesn't change
- Visit a site that sets cookies (e.g., log in to Amazon)
- Unload Firefox using the system task list
- Open Firefox and check whether the cookie survived
Oh wait, I can get the cookie back by using "Tabs from Last Time". So I think this not-quitting approach actually doesn't erase cookies until Firefox starts and discovers that the previous session was ended, and because session restore is available, it's possible to resuscitate the previous session cookie.
Further investigation is needed.
Actually, I think changing that preference does work. I created a test page:
Thank you for your suggestion, but I will just use the "Quit" button from now on. Editing the config file is not something I'm comfortable with, given my limited expertise.
Further, even if it solves the problem for me, it doesn't solve the problem for all the other users who expect Firefox Mobile to work the same way Firefox for Windows works.
I wonder, though, how many other users have this same issue and simply don't realize it. It seems like a security issue to me. If someone else were to find my phone and open Firefox, they would be logged in to potentially any site I had visited -- not just Amazon, but perhaps my bank as well. In my opinion, Firefox Mobile should work the same way Firefox for Windows works, which means no matter how I exit the program, I am logged out of everything.
Again, my thanks for your time and your deep expertise.
Please also mention your concern/suggestion here: