ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Users do not want session cookies to be restored. We close Firefox using Task Manager and restart. We are using JSESSIONID.

more options

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code.

if (session.isNew()) {

   String id = session.getId();
   String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT";
   response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate);

}

What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code. if (session.isNew()) { String id = session.getId(); String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT"; response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate); } What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

All Replies (4)

more options

When using firefox in public places, try with Firefox Private Browsing



The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.

If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. (You'll need to be on the latest version of Firefox to submit feedback). Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

more options

Firefox stores cookies used in tabs that are currently open in the sessionstore.js file as part of saved session data, so those cookies will be restored if Firefox is closed without first closing these tabs.

You can set the browser.sessionstore.privacy_level pref to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore.

The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.

Modified by cor-el

more options

The java code I posted will not solve the problem because it will expire the cookie immediately. I was trying to somehow remove the JSESSIONID cookie.

At this time I understand I can't do this without changing the login architecture because I can't ask users to change their browser settings.

more options

Can the users per persuaded to log out? Once they log out and you invalidate the session on the server, it doesn't matter who has the old cookie since it can't be used to authenticate any more.