Fenix: Cookies are not shared between private tabs
The behavior reported here is possibly open for debate. But since the current behavior is not what our other mobile and desktop browsers do, I am defaulting to a bug.
Steps to reproduce:
- Open a new private tab to news.ycombinator.com (or any site where you have a login)
- Log in
- Open a second private tab to news.ycombinator.com
Expected:
- In this second tab you are also logged in
Actual:
- You are not logged in
Cc to @jonalmeida because I think he implemented Private Mode in the Reference Browser, which has this same bug.
st3fan
All 15 comments
I'd say it's definitely a bug for the reason you mentioned: not consistent with mobile and desktop.
That said, this sounds like a GV bug since we're only setting a flag to change a session to private mode, and I can reproduce this on Focus as well.
jonalmeida
on 21 Feb 2019
Just confirmed that this was closed by #667.
sblatz
on 28 Feb 2019
I can still reproduce this issue in PB. You are also logged out in the first tab if you refresh the page after step 3.
sv-ohorvath
on 7 Mar 2019
I agree with @jonalmeida: This seems to be an "issue" at GeckoView level. I filed a bug on Bugzilla for that:
https://bugzilla.mozilla.org/show_bug.cgi?id=1533406
pocmo
on 7 Mar 2019
Thanks for filing that, @pocmo đ
sblatz
on 7 Mar 2019
@bifleming this looks like it's in the Q4 waiting column but it was added in June, so I propose we bump it out of that list, and changing it to a P3.
liuche
on 5 Oct 2019
Need to decide what the expected behaviour is for this one. If different from current behaviour, we'll need to prioritize with GV
athomasmoz
on 25 Nov 2019
Since @AmyYLee has been working on privacy and security projects, letâs wait for her feedback.
In the meantime, I have an opinion that may be useful:
I think it makes sense that private tabs should share cookies â especially for tabs that are spawned from a âparentâ tab. This allows internal links on Facebook, for example, to work properly.
Whether this would be considered a âMustâ, âCouldâ or âShouldâ, I tend towards the latter.
This is my reasoning:
- Weâve designed Private Browsing to be erasable in one tap (garbage bin) and to self-destruct on quit.
- Therefore, itâs reasonable to assume that users are less likely to keep private tabs open, and therefore signed in.
- Therefore, it doesnât matter very much whether information on one private tab carries over to another private tab.
Interestingly, what seems to happen is that a subset of technical, privacy-conscious users (granted, this was on desktop) seem to prefer each private tab _not_ to share cookies.
brampitoyo
on 28 Nov 2019
On Fennec, cookies are shared between private tabs. After migration, users may consider this as a regression.
Also, some websites open new tabs and as pointed by sv-ohorvath https://github.com/mozilla-mobile/fenix/issues/609#issuecomment-470430757, when a second tab is opened, the first tab is also logged out.
Dunexus
on 28 Nov 2019
Since @AmyYLee has been working on privacy and security projects, letâs wait for her feedback.
In the meantime, I have an opinion that may be useful:
I think it makes sense that private tabs should share cookies â especially for tabs that are spawned from a âparentâ tab. This allows internal links on Facebook, for example, to work properly.
Whether this would be considered a âMustâ, âCouldâ or âShouldâ, I tend towards the latter.
This is my reasoning:
* Weâve designed Private Browsing to be erasable in one tap (garbage bin) and to self-destruct on quit. * Therefore, itâs reasonable to assume that users are less likely to keep private tabs open, and therefore signed in. * Therefore, it doesnât matter very much whether information on one private tab carries over to another private tab.Interestingly, what seems to happen is that a subset of technical, privacy-conscious users (granted, this was on desktop) seem to prefer each private tab _not_ to share cookies.
* https://bugzilla.mozilla.org/show_bug.cgi?id=117222 * https://bugs.chromium.org/p/chromium/issues/detail?id=15632 * https://bugs.chromium.org/p/chromium/issues/detail?id=24690
Hi,
I agree with @brampitoyo points for sharing cookies across private tabs and we want to be consistent with desktop. If we do hear users feeling strongly about not sharing cookies in private tabs, this should be considered across all browsers (ie desktop and mobile) and we should keep it consistent no matter what we choose to do. In this case we should share cookies across private tabs. Thanks!
AmyYLee
on 28 Nov 2019
Thanks @AmyYLee ! Yes, that sounds good to me. That's the current behaviour on iOS as well and it makes sense if you're researching and opening multiple related tabs
athomasmoz
on 28 Nov 2019
Bug 1533406 is scheduled to be worked on in December.
fluffyemily
on 10 Dec 2019
This seems fixed on nightly for me
mawen7
on 29 Jan 2020
Sounds like this should be fixed. QA please verify :)
sblatz
on 7 Feb 2020
Cookies are kept until the end of the private session:
- closing all tabs individually
- delete all tabs
- delete private tabs from the on-going notification
sv-ohorvath
on 7 Feb 2020
Related issues
phileastv
·
3Comments
clitetailor
·
3Comments
bbinto
·
3Comments
AndiAJ
·
3Comments
vesta0
·
3Comments