I have seen this happen a few times and now it’s bothering me.
Yesterday I opened a private tab (not using Tor). I logged into Amazon and ordered something. Then I closed the private window completely, back to normal browsing where I am logged into a different amazon account.
Today I opened a new private tab (cmd-shift-N) and got ready to log in, but I was already logged in to the same account I logged into yesterday in a private tab.
How is that possible, if closing private tabs/windows truly is private and deletes data related to that session?
@NoMoreFirefox I just tried doing as you mentioned and when I opened a private tab again, it was empty. It does clear cookies by default when you exist private tabs/windows. One thing I’ll ask, did you close all windows/tabs from that private tab or did you leave something running?
If you kept anything from that private tab session still going, then it would retain the data until it’s all closed. That’s ab out one of the only things coming to mind.
Btw, could you also share which version of MacOS you’re using and also which version of Brave? Don’t just say “the latest” but try to give the exact version number, such as 1.57.40 or Mac Monterey 12.6.8. The specificity helps in making sure there’s no confusion and so it can try to be replicated using your system/settings.
Lastly, do you have any extensions you’ve allowed to run on Private windows?
I am running OSX 10.14.6 Mojave and Brave 1.57.57
I know I am behind. I refuse to go higher on Apple, Linux next for me.
I have one extension allowed to run in private tabs - Bitwarden.
And no, i only had one private window open, and I am closing it so there are none others open
Could you revoke permission to run on Private and see if that makes any difference? Just run private with no extensions so we can be clear if that’s playing a role in what you’re experiencing
Hmm. Well I deactivated Bitwarden and tested, problem went away. I will need to test more times, so will over next few days, but you may have caught it. Maybe Bitwarden is creating some sort of leak/link between private and non private tabs. Curious!
thanks
PS, testing further, I have Bitwarden now not allowed to run in private windows but I do still get this problem of sites staying logged in. Amazon is the one I am testing with. Every new private tab I open (cmd-shift-N) its got me logged in. I wondered if thats because I have anotehr private tab already logged in, but I was given the impression Brave ISOLATES browsing between tabs in normal window, never mind private tabs.
To test, I closed that one private tab where I was logged in, and after that all private tabs I open amazon in do NOT have my logged in. So it seems like, if I have ANY private tabs logged into Amazon, ANY OTHER private tab I open will have me logged in.
That surely means browsing data/cookies is being shared, Amazon site can recognise my login from every new private tab, so data is being shared?
`I have seen this happen a few times and now it’s bothering me.
Yesterday I opened a private tab (not using Tor). I logged into Amazon and ordered something. Then I closed the private window completely, back to normal browsing where I am logged into a different amazon account.
Today I opened a new private tab (cmd-shift-N) and got ready to log in, but I was already logged in to the same account I logged into yesterday in a private tab.
How is that possible, if closing private tabs/windows truly is private and deletes data related to that session?`
Same thing happened when I was trying to order food from foodpanda. Got some idea but need more help.
Ok, further testing confirms it is not Bitwarden extension, that was a random red herring. I have it turned off for private tabs, but I am still being kept logged in. Quite concerning considering the privacy features of Brave was my primary reason for choosing it after 15 years using firefox!
It seems you’re misunderstand a bit if I’m seeing how you phrased this properly.
Private window will retain all login cookies and all until the session is closed. The key idea there is that you must close windows. If you leave a tab or window open in private, it is still an ongoing session.
Once the final tab/window of a private session is closed, it will clear all cookies and history from that session from your device.
The only other thing private sessions do is that they block extensions from running, unless you have them set to run in private.
That’s correct. It doesn’t clear the cookies until you close out of all instances of that private session.
I’m not sure what you mean on this? It’s not being shared between private and normal windows. And in terms of saying it can recognize your login? It has cookie that gets made when you login. Until you clear the cookie manually or close all private windows (which then automatically clear cookies), it will keep you logged in.
Thanks. I see that the session continues until all tabs/windows closed for that site. However when I switched from Firefox to Brave, I (presumably mistakenly) thought it could do what I was doing in Firefox. I had tools which would isolate my site data (i.e. cookies) between tabs. So I could open amazon in one tab and log in, then open it in another tab and it wouldn’t recognise me as it wouldnt see the cookie, due to it being stored in a separate cookie container. I think that was the name of the extension “cookie containers” or similar.
Right, yes. I do use profiles, but thats a bit tricky for day to day use. Was hoping for a way to just do as I did with FF - isolate all browsing per site
As far as I know, there’s nothing native within Brave that would let you do it. There may be some extensions available that could let you do it, but that’s a use at your own risk kind of thing.
Yeah, gotcha. When i moved to Brave, it was mostly to get rid of the need for extensions. I had loads in FF which was a fingerprint all of its own. Brave has so many built in protections, not as many as i had (I now realise), but a lot that I did via extensions.
Such a shame, I don’t think you can get cookie containers for Brave, Firefox only i think. I thought Brave isolated cookies or had other ways to prevent one site sniffing your activity in other tabs/sites. Is there anything remotely like that going on in Brave?
thanks again
That’s cross-site cookie blocking, which is the default for Shields if I remember correctly. The especially if you put Tracker and Ads Blocking to aggressive. The latter will make sure only first party cookies are used on each site.
Then as @rgolds88 mentioned, there’s Forgetful Browsing which offers something a bit different.
However, if I’m understanding you correctly in that you want each tab to have its own set of cookies, I don’t think any of those options are at all what you had been talking about.
Big challenge is just trying to fully understand what you’re wanting.