Security hole in master password system

Often simply doing a restore previous session will allow you into the websites that were opened previously. I think this happens when you shut down the computer without closing Firefox manually. It might be the way it is expected to work but is a security hole.

Session history files store cookies by default to enable you to more seamlessly resume where you left off. To work around that, you have a few different options:

(1) Log out of sites that involve sensitive data when you are done. That will invalidate the session so even if someone obtained the cookie through one method or another, they would need to log in again.

(2) Disable session history from saving “extra” data like cookies and form text. “How to” details are below the line.

(3) Set Firefox to clear cookies when you exit, and exit normally instead of letting Windows tell Firefox to close. This can get a bit detailed with settings and exceptions, so more on this if you want to try it.


For #2:

(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(B) In the search box in the page, type or paste browser.sessionstore.privacy_level and pause while the list is filtered.

(C) Double-click the preference to display an editing field, and change the value to your preferred behavior, then press Enter or click the blue check mark button to save the change.

  • 0 = save form text, POST data, and cookies for all sites [default]
  • 1 = save data for HTTP sites but not HTTPS sites
  • 2 = do not save this data in session history

Can you get it working the way you prefer?
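
Added example, not part of the original thread: a small Python audit that reads a Firefox profile's `prefs.js` and `user.js` and reports the effective `browser.sessionstore.privacy_level`, using the value meanings listed above. The function names and the constructed sample profile are assumptions for illustration; it relies on Firefox applying `user.js` over `prefs.js` at startup and on an unset preference meaning the default of 0.

```python
import re
import tempfile
from pathlib import Path

PREF = "browser.sessionstore.privacy_level"
MEANING = {
    0: "save form text, POST data, and cookies for all sites",
    1: "save data for HTTP sites but not HTTPS sites",
    2: "do not save this data in session history",
}
# Matches integer preference lines such as: user_pref("name", 2);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;')


def read_int_prefs(path):
    """Return {name: int} for integer prefs in one file (last entry wins)."""
    prefs = {}
    if path.is_file():
        text = path.read_text(encoding="utf-8", errors="replace")
        for line in text.splitlines():
            match = PREF_LINE.match(line)
            if match:
                prefs[match.group(1)] = int(match.group(2))
    return prefs


def effective_privacy_level(profile_dir):
    """Merge prefs.js, then user.js on top; an unset pref is the default 0."""
    profile = Path(profile_dir)
    merged = read_int_prefs(profile / "prefs.js")
    merged.update(read_int_prefs(profile / "user.js"))
    return merged.get(PREF, 0)


def audit(profile_dir):
    """Return (level, description, hardened) for one profile directory."""
    level = effective_privacy_level(profile_dir)
    # 2 is the only listed value that keeps this data out for every site.
    return level, MEANING.get(level, "unrecognized value"), level == 2


if __name__ == "__main__":
    # Constructed sample profile, so the script runs without a real one.
    with tempfile.TemporaryDirectory() as sample:
        Path(sample, "prefs.js").write_text(
            'user_pref("browser.sessionstore.privacy_level", 1);\n',
            encoding="utf-8")
        print(audit(sample))
```

To check a real installation, pass the profile folder shown under "Profile Folder" on the about:support page to `audit()`.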