Closing a private window and then opening a new private window incorrectly restores the previous session
I was always under the impression that a new private windows is just that, a private window where the history is not stored. I was testing something and I created a new private window by pressing <Ctrl> <Shift> P. I then logged into gmail. Once I was finished I closed the window. Later on, I created a new private window by again pressing <Ctrl> <Shift> P. I went to gmail.com and my previous session was restored. If I press <Ctrl> <Shift> P from inside the private session then I get another private session but it's not really another private session as it also retains the cookies from the existing private session so it seems like Firefox only creates a single private session and reuses that session until the window is closed.
Is that correct? If so it seems extremely insecure. I could walk up to anyone's desk when they are away and start a new private window which will remember all of the cookies from their previous private sessions.
Vahaolana nofidina
The only scenario where I believe I could replicate your result is if you do not have regular windows, i.e., you have Firefox set to start up automatically in private browsing mode. To check whether that is set:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the left column, click Privacy & Security.
On the right side, the History selector can have one of three values:
- Firefox will: Remember history -- I'm wrong
- Firefox will: Never remember history -- this invokes automatic private browsing, there are no regular windows
- Firefox will: Use custom settings for history -- check the details:
- "Always use private browsing mode" -- this is self-explanatory
All Replies (5)
Hi Graymatter, all of the private windows share a single cookie jar. The only way to dump the jar is to close all private windows.
I could walk up to anyone's desk when they are away and start a new private window which will remember all of the cookies from their previous private sessions.
If they didn't lock their screen and require their password to unlock it, then they are allowing lots of mischief on their computer. Foolish -- especially around the beginning of next month!
jscher2000 said
Hi Graymatter, all of the private windows share a single cookie jar. The only way to dump the jar is to close all private windows.
But that's exactly what I am doing in the first instance. I open a private window with <Ctrl> <Shift> P. Do something in that window. Close the private window. At this point there are no private windows open, only my previous regular windows. I then open a new private window with <Ctrl><Shift>P and it retains the previous private window cookies so it appears that the only way to dump the jar is to close Firefox itself. I could understand if the act of closing the last private window killed the cookies but that's not what is happening.
jscher2000 said
If they didn't lock their screen and require their password to unlock it, then they are allowing lots of mischief on their computer. Foolish -- especially around the beginning of next month!
True but there is a certain expectation. As a technical person, it helps me because I understand what is going on behind the scenes but for a regular user without any technical knowledge, they would expect whatever they did in a private window to "go away" when they closed that window.
To quote the information from the private window page "When you browse in a Private Window, Firefox does not save: visited pages, cookies, searches, temporary files". The implication is that the information is part of the private window, not something that Firefox will keep around until it exits.
Vahaolana Nofidina
The only scenario where I believe I could replicate your result is if you do not have regular windows, i.e., you have Firefox set to start up automatically in private browsing mode. To check whether that is set:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the left column, click Privacy & Security.
On the right side, the History selector can have one of three values:
- Firefox will: Remember history -- I'm wrong
- Firefox will: Never remember history -- this invokes automatic private browsing, there are no regular windows
- Firefox will: Use custom settings for history -- check the details:
- "Always use private browsing mode" -- this is self-explanatory
jscher2000 said
The only scenario where I believe I could replicate your result is if you do not have regular windows, i.e., you have Firefox set to start up automatically in private browsing mode. To check whether that is set:In the left column, click Privacy & Security. On the right side, the History selector can have one of three values:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
- Firefox will: Remember history -- I'm wrong
- Firefox will: Never remember history -- this invokes automatic private browsing, there are no regular windows
- Firefox will: Use custom settings for history -- check the details:
- "Always use private browsing mode" -- this is self-explanatory
I definitely have regular windows open. I have my Firefox set to always remember the history in the option that you are talking about. I do have a number of plugins installed (Ghostery, Greasemonkey, Stylus, uBlock, uMatrix and Web Developer). The most recent startup of Firefox was from a Windows 10 update over night where it restored the browser to it's previous incarnation. I have too many (about 40 tabs) open with 2 of them pinned.
I tested on the instance of Firefox in my VM and it worked correctly. That version has the same plugins.
I just closed all of the private windows again and now it seems to be working which is odd because I tested a number of time. At this point I will blame myself and say that I must have left a private window open. As penance I will attempt to respond to some open issues.