asked 2017-03-06 04:14:45 +0300
Currently Active Logins cannot easily be controlled in SFOS browser.
Recommend additional section under privacy:
Active Logins
Allowing you to maintain or disconnect all logins on browser restart, phone restart, phone shut down, browser close etc.
answered 2017-03-06 17:57:09 +0300
This apparently simple request is potentially more complicated than it seems. The phrase 'active logins' often refers to sites using http basic authentication (the ones that generate a popup asking for a password and give a '401 Unauthorised' if you get it wrong). So 'clearing active logins' means clearing the cache of credentials. I suspect that's not what you mean, though.
Most secure sites use session cookies to maintain a login session, and these should by definition be cleared on close of the browser or the OS. But if the browser crashes they may survive and be used to restore the logged-in session, shopping basket, whatever. Or may not - I don't know what the SFOS browser does. There's a potential risk in doing that.
'Keep me signed in' sites - like TJC - usually use 'permanent' (long-expiry) cookies for the purpose. The SFOS browser allows you to clear those manually but, again by definition, you don't usually want to clear them automatically. Do you mean you want an option to do that? Those who like clearing cookies often then want a whitelist so they can clear permanent cookies but keep some known ones.
There are also several in-browser storage methods that sites could use to maintain a logged-in session, but mostly don't AFAIK - though they do use them to track you when you're logged out. For example the storage used by my addon stores question numbers and dates (though it doesn't run on the SFOS browser - the same storage is available to websites). Some browsers clear all that data with 'cookies' - I don't know if the SFOS browser does that.
Then there's the browser's own logins - eg sync in Firefox - which AFAIK the SFOS browser doesn't have - yet.
So it depends what you want to do that's not done at the moment.
I am thinking management of short and long term cookies, as well as timed cookie destruction say every month at minimum.
Clearing these login cookies together with related cache and offline website data.
For now i recommend simply clearing all long term cookies that havent been deleted in a while say browser hasnt crashed or been closed in a while and tab with website hasnt opened in a while.
DarkTuring ( 2017-03-08 08:37:01 +0300 )edit@Dark Turing There could be a more complicated cookie-deleting process, sure. I think it would rarely be used. As long as session cookies are cleared correctly - otherwise it's a bug - and users can clear all the rest, it's enough for a mobile browser IMO.
If anything I'd like the facility to delete cookies for a single site (maybe you can - I didn't look). I often do that with a bookmarklet - but those no longer work.
In fennec, you'll find 'clear cookies and active logins' - the latter being http auth token cache as I described. 'Offline data' - another misleading term - is managed separately - that might be a good idea in SFOS.
Cookies are misunderstood by most users IMO. They've been given a bad reputation by scareware. I haven't cleared all cookies for years. How about dropping the word entirely, and referring to "websites' stored data"?
DaveRo ( 2017-03-08 09:54:37 +0300 )editAsked: 2017-03-06 04:14:45 +0300
Seen: 272 times
Last updated: Mar 07 '17
what logins? show me example of such feature in some other (android) browser.
coderus ( 2017-03-07 10:39:41 +0300 )edit