Private Browsing Persists Authentication


#1

I recently switched to Brave at work (Windows) and so this post is related to that version. I use Brave on my phone (Android) and at home (Linux), but I don’t use private browsing there so I’m not sure if the same problem exists in those versions.

I’m a developer and for testing purposes of the web applications I’m working on, I need to log into the sites as different users. I’ve been using Firefox private windows for this and the behavior is what I expect, but in Brave it doesn’t work correctly.

If I open a tab and log into my web application as a particular user (user-x) and then open a new private tab and browse to the application in order to log in as a different user (user-y), it shares the authentication token between the “public” and “private” tabs and automatically logs me in as user-x.

Any sharing of data between the “public” and “private” tabs seems like a major security issue to me.


#2

Here is my version information:

Brave: 0.20.30
V8: 6.4.388.40
rev: 8b78402e7b3b91d44d8146cbe4dc8013592c33fd
Muon: 4.7.9
OS Release: 10.0.14393
Update Channel: Release
OS Architecture: x64
OS Platform: Microsoft Windows
Node.js: 7.9.0
Brave Sync: v1.4.2
libchromiumcontent: 64.0.3282.119


#3

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.