We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Users do not want session cookies to be restored. We close Firefox using Task Manager and restart. We are using JSESSIONID.

more options

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code.

if (session.isNew()) {

   String id = session.getId();
   String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT";
   response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate);

}

What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code. if (session.isNew()) { String id = session.getId(); String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT"; response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate); } What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

Tất cả các câu trả lời (4)

more options

When using firefox in public places, try with Firefox Private Browsing



The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.

If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. (You'll need to be on the latest version of Firefox to submit feedback). Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

more options

Firefox stores cookies used in tabs that are currently open in the sessionstore.js file as part of saved session data, so those cookies will be restored if Firefox is closed without first closing these tabs.

You can set the browser.sessionstore.privacy_level pref to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore.

The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.

Được chỉnh sửa bởi cor-el vào

more options

The java code I posted will not solve the problem because it will expire the cookie immediately. I was trying to somehow remove the JSESSIONID cookie.

At this time I understand I can't do this without changing the login architecture because I can't ask users to change their browser settings.

more options

Can the users per persuaded to log out? Once they log out and you invalidate the session on the server, it doesn't matter who has the old cookie since it can't be used to authenticate any more.