Session key
1. Does Firefox automatically save a NEW session key with each new session? I have Firefox remembering my site passwords. I'm concerned about the prevention of session hijacking.
Thank you.
1. Does Firefox automatically save a NEW session key with each new session? I have Firefox remembering my site passwords. I'm concerned about the prevention of session hijacking.
Thank you.
所有回复 (1)
A session ID is usually stored in a cookie, so if this cookie doesn't expire and you keep this cookie then you can continue this session.
These steps make a website recognize and remember you:
- create a cookie allow exception with the proper protocol (https:// or http://) to make a website remember you
You can check that you aren't clearing important cookies.
- using "Delete cookies and site data when Firefox is closed" to clear cookies keeps cookies with an allow exception
in 102+ version toggling this setting makes changes to the "Clear history when Firefox closes" settings and those settings prevail - using "Clear history when Firefox closes" in Firefox 102+ honors exceptions and keeps cookies with an allow exception, previous versions removed all cookies
Exceptions rely on keeping the "Site settings".
- clearing "Site settings" clears exceptions for cookies, images, pop-up windows, and software installation and exceptions for passwords and other website specific data
- Settings -> Privacy & Security
Cookies and Site Data: "Manage Exceptions" - Settings -> Privacy & Security
Firefox will: "Use custom settings for history":
[X] "Clear history when Firefox closes" -> Settings