Hello, this is concerning Firefox 3.0.6.
Firefox has three options for startup: you can either start up on your homepage, on a blank page, or on the page you were at last.
I have a password-protected section of a website written in ColdFusion. When the user closes their browser, I want to clear their session, so that when they start up again, they have to log in again.
I use J2EE session variables to facilitate this (set in the CF Administrator). J2EE session vars are supposed to be cleared whenever the user closes the browser (according to ColdFusion documentation).
This works fine if firefox is set to start up on a homepage or blank page. But if you have "show my windows and tabs from last time" selected, you jump right to the password-protected part without any login!
This is a big security hole, can anyone help?