chrome 70 destroyed the ability to separate browser and google content logins
Reported by
alxtsk...@gmail.com,
Oct 17
|
||||
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36
Steps to reproduce the problem:
In Chrome 69 (with "Identity consistency between browser and cookie jar" disabled, and older versions without the need of this flag), you could login/logout independently to the browser and google content.
What is the expected behavior?
1. Logging into the browser did not log you into google content
2. Logging into google content did not log you into the browser
3. Logging out of the browser did not log you out of google content
4. Logging out of google content did not log you out of the browser (pause sync)
What went wrong?
Now the only choice you have is to disable browser login entirely. It's no longer possible to have browser login available, but separate ("Identity consistency between browser and cookie jar" set to disabled does not work)
1. Logging into the browser logs you into google content
2. Logging into google content logs you into the browser
3. Logging out the browser logs you out of google content
4. Logging out of google content logs you out the browser
Did this work before? Yes chrome 69
Chrome version: 70.0.3538.67 Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:
,
Oct 17
chrome 70 destroyed the workflow in standalone for me. the redirection with the token from the identity server opens in a new chrome tab instead of the standalone app on windows 10. not sure about mobile.
,
Oct 17
,
Oct 18
Able to reproduce the issue on Windows 10, mac 10.13.3 and Ubuntu 17.10 using chrome reported version #70.0.3538.67 and latest canary #72.0.3584.0. Bisect Information: ===================== Good build: 70.0.3525.0 Bad Build : 70.0.3526.0 Change Log URL: https://chromium.googlesource.com/chromium/src/+log/f7f385986a69d648d77b0b9f7821e7901df5c90f..00d099ea75e9565afdee5be3f8e4f54eabc7ae0b From the above change log suspecting below change Change-Id: I77fc0e169536f86637f7501a6100566a50630f55 Reviewed-on: https://chromium-review.googlesource.com/1177708 droger@ - Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner. Note: Adding stable blocker for M-70 as it seems to be a recent regression. Please feel free to remove the same if not appropriate. Thanks...!!
,
Oct 18
Developer flags such as the on mentioned here (Identity consistency between browser and cookie jar) are only experimental and mostly used for testing and development. There should be no expectation that they can be useful for general users, and so U will close this bug. Now a bit more details: Setting the flag to disabled indeed doesn't do anything, this is working as intended, and as far as I know it was already the case in version 69. The supported solution is to disable browser login. We removed the option to use one account on the web and Sync with a different account. Our main motivation here was to simplify the user experience, and making it easier to signout (signout on the web now also disables sync, in the previous model it didn't and users were accenditally leaving sync ON when they actually wanted to turn it off).
,
Oct 18
> Setting the flag to disabled indeed doesn't do anything, this is working as intended Why have a flag that does not do anything. > and as far as I know it was already the case in version 69. That's not true, I was using it in 69 and it was working, had it kept working this bug report would not exist > The supported solution is to disable browser login. That's not a solution, you might as well offer "stop using chrome" as a "solution" You destroyed useful functionality that was there for years, independent browser login that does not affect and is is not affected by content login. Even if this conflation was desired by some, what must it be forced? There should be a firewall between content and chrome, content should not have the power log chrome in or out. It's actually quite absurd that if I choose to logout of google.com my bookmark sync should stop. And also the inverse that if I decide to sync my bookmarks that somehow means I want to be logged into google web properties. |
||||
►
Sign in to add a comment |
||||
Comment 1 by bugsnash@chromium.org
, Oct 17