搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Users do not want session cookies to be restored. We close Firefox using Task Manager and restart. We are using JSESSIONID.

more options

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code.

if (session.isNew()) {

   String id = session.getId();
   String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT";
   response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate);

}

What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

JSESSIONID is a session cookie. SInce it is restored after starting the browser I am trying to use this code. if (session.isNew()) { String id = session.getId(); String expireDate = "Thu, 01-Jan-1970 00:00:00 GMT"; response.setHeader("Set-Cookie", String.format("JSESSIONID=%s;Expires=%s;Path=/", id, expireDate); } What is the recommendation of Firefox ? Users accessing internet applications from net cafes are prove to this risk. They are asking the application team to fix this. I understand there are many other risks in such public places.

所有回覆 (4)

more options

When using firefox in public places, try with Firefox Private Browsing



The people who answer questions here, for the most part, are other Firefox users volunteering their time (like me), not Mozilla employees or Firefox developers.

If you want to leave feedback for Firefox developers, you can go to the Firefox Help menu and select Submit Feedback... or use this link. (You'll need to be on the latest version of Firefox to submit feedback). Your feedback gets collected at http://input.mozilla.org/, where a team of people read it and gather data about the most common issues.

more options

Firefox stores cookies used in tabs that are currently open in the sessionstore.js file as part of saved session data, so those cookies will be restored if Firefox is closed without first closing these tabs.

You can set the browser.sessionstore.privacy_level pref to 2 (never) or 1 (non-HTTPS) on the about:config page to disable saving cookies via session restore.

The browser.sessionstore.privacy_level_deferred pref is used when you do not reopen the previous session automatically via "Show my windows and tabs from last time" and uses the same values.

由 cor-el 於 修改

more options

The java code I posted will not solve the problem because it will expire the cookie immediately. I was trying to somehow remove the JSESSIONID cookie.

At this time I understand I can't do this without changing the login architecture because I can't ask users to change their browser settings.

more options

Can the users per persuaded to log out? Once they log out and you invalidate the session on the server, it doesn't matter who has the old cookie since it can't be used to authenticate any more.