Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox 4, Gmail pinned app tab, does not sign out when browser closes, aka, when I open the browser, automatically signed in.

  • 7 replies
  • 80 have this problem
  • 4 views
  • Last reply by urbanix

more options

The sorta question I posed covers it. I don't have me gmail account info saved in my Preferences >> Security >> Saved Passwords, but when I open the browser, it does not ask me for a password. I have gmail pinned as an app tab. I want it to ask me everytime. Oddly enough, my Yahoo! account (go ahead, judge me) asks me everytime, it is also pinned.

The sorta question I posed covers it. I don't have me gmail account info saved in my Preferences >> Security >> Saved Passwords, but when I open the browser, it does not ask me for a password. I have gmail pinned as an app tab. I want it to ask me everytime. Oddly enough, my Yahoo! account (go ahead, judge me) asks me everytime, it is also pinned.

All Replies (7)

more options

I have the same problem and I want more than just a fix; I want to know WHY this happens. Like you, I don't have my gmail account info saved in my Preferences >> Security >> Saved Passwords. Also, I've made sure the "Keep me logged in" box is not checked. So how is it that I stay signed in? Where is Firefox storing my credentials? How are they allowing access to gmail without my log-in information? This seems like a major security flaw to me and at the very least is incredibly insecure. Please address this Mozilla!

more options

This can happen if the website remembers you via a cookie. Firefox stores cookies from pages in open tabs as part of the session data.

You can set the pref browser.sessionstore.privacy_level to 2 (never) or 1 (non-HTTPS, default in Firefox 3 versions) on the about:config page to disable saving cookies via session restore.

To open the about:config page, type about:config in the location (address) bar and press the "Enter" key, just like you type the url of a website to open a website.
If you see a warning then you can confirm that you want to access that page.

more options

If the browser closes then the session should terminate. THis is a grave flaw. What if we are on unsecure computer and the lights go off? The next time anybody opens the browser, hel be in my mailbox!!

more options

Guys, the app tab is for the convenience of always having the window open AND having it be open when you first start your browser. If you are worried about your account being accessed because you are on a publicly used computer why are you even using this feature? It seems that it is neither useful or convenient to you.

Modified by Heineko

more options

At work, I want the usefulness/convenience AND I want to have to sign in. If someone mentioned being on a public computer, your response would make sense. Even at home, I would want to function by having the tab open and asking me to sign in. Since I originally posted this, I have completely stopped using this option because of this problem. Thanks for adding nothing to this conversation Heini.

more options

This has bothered me a whole lot. Especially since Google Chrome's pinned tabs feature, the original impetus for Firefox's App Tabs, have never had this problem. I believe the solution is not to leave session data files unless the browser crashes. The current tabs should merely be bookmarked into a hidden directory. Now, if only a developer would make sure this happens...How best to contact them?

Sincerely,

Stuart

more options

I tried Cor-El's solution. It took care of the privacy-problem. It is, however, very annoying. I have Facebook and Gmail as app tabs (both hpps, so I don't think privacy level 1 would make a difference). I have activated two-step verification, but at home I usually let it remember me for 30 days, so I only have to do the second step once a month. It I change the privacy-level, I get one sms from each site with a password I have to type. This is cumbersome. I want it to remember me in the sense that the sms-password is only typed once a month, but my regular password is required at each session.