Firefox Containers Allows Users To Login With Multiple Identities On A Single Site
Firefox has a solution for those of us who like to keep multiple tabs and accounts open at once. With Firefox Containers, users can open tabs in multiple different contexts – Personal, Work, Banking, and Shopping. This is currently an experimental feature in Nightly, a 64-bit version of Firefox.
Each context has a fully segregated cookie jar. Containers have individual cookies, indexeddb, localStorage, and caches. Users will not need to use multiple browsers, an account switcher, or constantly log in and out to switch between accounts on the same domain. Containers will only segregate data that a site has access to, not data that the user has access to. This means all the websites a user has looked at, regardless of Container, will appear in their History.
The Containers feature will not affect normal web browsing experiences if users select a “New Tab” or “New Window”. The normal tab will continue to access the site data the browser has already stored in the past. Any site data read or written will be put in a “default container”. The interface will not change as well.
So how does this work? Gecko, the layout engine developed by Mozilla Projects, has added additional attributes to the origin called OriginAttributes. Origins are combinations of a scheme, host, and port. Browsers make numerous security decisions based on the origin of a resource using the same-origin-policy. This policy is when a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. Various features require additional keys to be added to the origin combination.
Gecko has added their own additional attributes called OriginAttributes. Gecko will not only check if they have matching schemes, hosts, and ports, but now also check if all their OriginAttributes match. Containers adds an OriginAttribute called userContextId. Each container has a unique userContextId. If a user has cookies with the userContextId in one container, it will not be accessible in another. For more information, including how to download the feature, please click here.