New issue
Advanced search Search tips

Issue 611051 link

Starred by 1 user
Status: WontFix
Owner:
wfh@chromium.org
Closed: Jun 2016
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Stole user session after crash

Reported by gabriel....@gmail.com, May 11 2016 
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36

Steps to reproduce the problem:
1. Open chrome and access any service like gmail or facebook
2. lock the user windows session
3. Log in the same computer with a other user
4. Open the task manager and finish all chrome process of the first user
5. Then open the chrome and click to recover the pages

What is the expected behavior?
Is to open the chrome without it asking to recover the pages of the first user

What went wrong?
The chrome recover the pages with the sessions and cookies of the previous user (That one who lock his windows session). So the second user is logged in the first user account of gmail or facebook.

Did this work before? N/A 

Chrome version: 50.0.2661.94 m  Channel: stable
OS Version: 7 Home Basic - Service Pack 1
Flash Version: Shockwave Flash 21.0 r0

Comment 1 by wfh@chromium.org, May 11 2016

Labels: Needs-Feedback
This should not happen unless both users are sharing the same Chrome user data dir. The Chrome user data dir is by default in a location only readable by the user running Chrome - in %localappdata%

Can you check that you have not overridden the user data dir to point to the same location for both users?

You can check this also by going to chrome://version and looking for "profile path".

Comment 2 by gabriel....@gmail.com, May 11 2016 

Hi, thanks for the answer.

I check, and the profile path is pointing to same location, but the default is not set to pointing in a different location for each user?
I never needed to change this settings.
Looks like the first user who install the chrome keeps his profile path.

The chrome should'n check this settings per user?

thanks again.
Project Member

Comment 3 by sheriffbot@chromium.org, May 12 2016

Labels: -Needs-Feedback Needs-Review
Owner: wfh@chromium.org
Thank you for providing more feedback. Adding requester "wfh@chromium.org" for another review and adding "Needs-Review" label for tracking.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by ClusterFuzz, May 12 2016

Status: Assigned (was: Unconfirmed)

Comment 5 by wfh@chromium.org, May 12 2016

Labels: -Needs-Review Needs-Feedback
Thanks for your feedback. Each Windows user will have a different profile. Can you post a screenshot of what you see in chrome://version for each different Windows user?

Comment 6 Deleted

Comment 7 Deleted

Project Member

Comment 8 by ClusterFuzz, May 21 2016

Labels: Missing_Severity-3 Missing_Impact-3

Comment 9 by lgar...@chromium.org, May 21 2016 

Gabriel, are you sure you are logging into two different (OS) user accounts?
It sounds unlikely that two separate accounts would have access to the same AppData folder and use it by default.

Comment 10 by lgar...@chromium.org, May 21 2016

Labels: -Type-Bug-Security -Missing_Severity-3 -Restrict-View-SecurityTeam -Missing_Impact-3 Restrict-View-Google Type-Bug
Moving off the security queue, since it doesn't seem like there's a Chrome vulnerability. Keeping restricted due to username in the file path.

Comment 11 by wfh@chromium.org, Jun 6 2016

Labels: -Restrict-View-Google
Status: WontFix (was: Assigned)
WontFix as both profiles were running off same profile dir so this is WAI.

Sign in to add a comment