MozillaZine

How to delete all cookies at exit except some user defined?

User Help for Mozilla Firefox
pxstein
 
Posts: 29
Joined: August 8th, 2019, 2:13 am

Post Posted May 3rd, 2020, 12:26 am

I want to let Firefox automatically delete all cookies except some user defined.

Therefore I go to:

Options-->Privacy and Security---->Cookies and Sites Data---->Manage Permissions

and enter e.g.

http://sso.foobar.com
http://www.foobar.com
http://foobar.com
https://sso.foobar.com
https://www.foobar.com
https://foobar.com

First question: Is there a way to write only ONE line which matches all of the six domain names above?

http*://*foobar.com

does NOT work.

Ok, now I visit the webpage and login.

The corresponding cookies are now visible in

Options-->Privacy and Security---->Cookies and Sites Data---->Manage Data

Now I close and exit Firefox and restart it.

Much to my surprise the cookies are NOT kept.
ALL cookies are deleted.

Why?

How else can I keep certain cookies?

It is confusing that there are TWO options for cookie deletion:

1.) Options-->Privacy and Security---->Cookies and Sites Data--->Checkbox=Delete cookies and site data when Firefox is closed
2.) Options-->Privacy and Security---->History--->Checkbox=Clear history when Firefox closes--->Settings---->Cookies=Yes

Whats the difference?

What if both contradict each other?

Peter

jscher2000

User avatar
 
Posts: 11062
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted May 3rd, 2020, 7:27 am

pxstein wrote:http://sso.foobar.com
http://www.foobar.com
http://foobar.com
https://sso.foobar.com
https://www.foobar.com
https://foobar.com

First question: Is there a way to write only ONE line which matches all of the six domain names above?

No, but for many sites, only the base domain is needed, so:

http://example.com
https://example.com

It is confusing that there are TWO options for cookie deletion:

1.) Options-->Privacy and Security---->Cookies and Sites Data--->Checkbox=Delete cookies and site data when Firefox is closed
2.) Options-->Privacy and Security---->History--->Checkbox=Clear history when Firefox closes--->Settings---->Cookies=Yes

Whats the difference?

#1 changes all cookies to session-only cookies unless there is an exception, so unless there is an exception, the cookies expire naturally when you exit Firefox and end your session. In the old days, that checkbox was a two-way selection:

Keep until: they expire
Keep until: I close Firefox

That was easier to understand.

#2 does not honor any exceptions; 100% of cookies deleted. If you want to keep any cookies, do not use #2.

pxstein
 
Posts: 29
Joined: August 8th, 2019, 2:13 am

Post Posted May 4th, 2020, 10:04 am

jscher2000 wrote:
It is confusing that there are TWO options for cookie deletion:

1.) Options-->Privacy and Security---->Cookies and Sites Data--->Checkbox=Delete cookies and site data when Firefox is closed
2.) Options-->Privacy and Security---->History--->Checkbox=Clear history when Firefox closes--->Settings---->Cookies=Yes

Whats the difference?

#1 changes all cookies to session-only cookies unless there is an exception, so unless there is an exception, the cookies expire naturally when you exit Firefox and end your session. In the old days, that checkbox was a two-way selection:

Keep until: they expire
Keep until: I close Firefox

That was easier to understand.

#2 does not honor any exceptions; 100% of cookies deleted. If you want to keep any cookies, do not use #2.



Ok, thank you.

Following your explanation I defined an appropriate cookie exceptions for the domains and disabled "Cookies" checkbox in settings of "History" #2

After login into a certain website with login name and password I exit and restarted FF.

Now login name is successfully remembered bot NOT the password.

Why?

Where are passwords stored? Not in cookies?
Do I have to disable "Active Logins" checkbox to let FF remember passwords as well?
Or what else?

"Site preferences" has an empty checkbox

Thank you
Peter

jscher2000

User avatar
 
Posts: 11062
Joined: December 19th, 2004, 12:26 am
Location: Silicon Valley, CA USA

Post Posted May 4th, 2020, 12:56 pm

Any site that stores a password in a cookie needs to be taken off the internet immediately.

Sites generally store a token in the cookie that matches up with a live session on the site. When Firefox submits a request and sends the cookies, the site knows you are signed in and responds appropriately. No cookie, back to login.

The next time you are on the site, open the Storage Inspector (Shift+F9) and make sure the site is setting persistent cookies. If it is setting session cookies, even though Firefox allows persistent cookies, glance around the login form to see whether it has a checkbox to keep you logged in.

Another thing is whether you set up the permissions the way Firefox likes them. It uses origins, which are a combination of protocol and host name. For example:

* http://example.com
* https://example.com

You don't usually need both, it depends on whether it's a secure site.

Return to Firefox Support


Who is online

Users browsing this forum: No registered users and 10 guests