palant / pfp

A simple and secure browser extension to be used with KeePass databases.
https://pfp.works/
Mozilla Public License 2.0

Option to lock database when closing browser #146

Open mrjohnson22 opened 3 months ago

mrjohnson22 commented 3 months ago

With auto-lock disabled, the legacy PfP extension still asked for the master password the next time the browser was opened. With this version, at least on Firefox (either Linux or Windows), disabling auto-lock & unlocking once has passwords remain accessible on the next browser session without being prompted for a master password. It may also be the case that this happens when auto-lock is enabled, but the browser is closed while the database is unlocked & the lock timeout has not passed.

It's arguably a feature to leave the database permanently unlocked, so a compromise is to have an option to auto-lock the database when the browser is closed. That way, it's possible to leave it unlocked for an entire Firefox session & to not have to remember to manually lock it if it should be locked on the next browser session.

Possibly related to https://github.com/palant/pfp/issues/142

palant commented 3 months ago

This shouldn’t be an option, this should be the default behavior. Unfortunately, it’s the browser which restores the state after a restart. I’m not sure how one would prevent it.