Closed
Bug 625496
Opened 14 years ago
Closed 13 years ago
Clear Adobe Flash Cookies (LSOs) when Cookies is selected in Clear Recent History
Categories
(Firefox :: Private Browsing, enhancement)
Firefox
Private Browsing
Tracking
()
VERIFIED
FIXED
Firefox 4.0b12
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
People
(Reporter: beltzner, Assigned: dwitte)
References
Details
(Whiteboard: [softblocker][requires Flash 10.3])
Attachments
(1 file, 1 obsolete file)
10.73 KB,
patch
|
dwitte
:
review+
|
Details | Diff | Splinter Review |
Bug 508167 will implement support for the NPAPI methods that Adobe Flash will support in Adobe Flash 10.2+, allowing us to tell that application to delete their version of cookies (LSOs) as well. Previously we have seen a lot of evidence that users are surprised that Flash objects store data on their system and further that this data isn't cleared when browser cookies are cleared. It seems evident that to the user, cookies = cookies, and so the best way to match expectations would be to interpret cookie-clearing actions as meaning "web and flash cookies". When "Clear Recent History..." is selected from the Tools menu, if the "Cookies" checkbox is selected, we should also use the new API from bug 508167 to clear Adobe Flash LSOs for the same time period. Yes, this will clear all LSOs even those set by other browsers; that's acceptable, IMO.
Updated•14 years ago
|
Severity: normal → enhancement
Component: Menus → Private Browsing
OS: Mac OS X → All
QA Contact: menus → private.browsing
Hardware: x86 → All
Version: unspecified → Trunk
Assignee | ||
Comment 1•13 years ago
|
||
This adds relevant bits to sanitize.js, and some tests. Ehsan, I'm not sure if you want to review this or delegate to Josh, who's reviewing the backend bits in bug 508167 -- it might make sense for both of you to look at it, since Josh will be familiar with how the guts works.
Comment 2•13 years ago
|
||
Comment on attachment 509015 [details] [diff] [review] patch >+ // Clear plugin data. >+ let ph = Components.classes["@mozilla.org/plugin/host;1"] >+ .getService(Ci.nsIPluginHost); >+ const phInterface = Ci.nsIPluginHost_MOZILLA_2_0_BRANCH; >+ const FLAG_CLEAR_ALL = phInterface.FLAG_CLEAR_ALL; >+ ph.QueryInterface(phInterface); Please use Cc and Ci in the new code you're adding too. >+ // Determine age range in seconds. (-1 means clear all.) We don't know >+ // that this.range[1] is actually now, so we compute age range based >+ // on the lower bound. >+ let age = this.range ? (Date.now() / 1e3 - this.range[0] / 1e6) : -1; s/1e3/1000/ and s/1e6/1000000/. This code is unreadable enough as it stands. ;-) >+ let tags = ph.getPluginTags(); >+ for (let i = 0; i < tags.length; i++) { >+ try { >+ ph.clearSiteData(tags[i], null, FLAG_CLEAR_ALL, age); >+ } catch (e) { >+ // If the plugin doesn't support clearing by age, clear everything. >+ if (e.result == Cr.NS_ERROR_PLUGIN_TIME_RANGE_NOT_SUPPORTED) { Also check here that age != -1. >+ try { >+ ph.clearSiteData(tags[i], null, FLAG_CLEAR_ALL, -1); >+ } catch (e) { >+ // Ignore errors from the plugin >+ } >+ } >+ } >+ } >+ r=me with the above nits addressed.
Attachment #509015 -
Flags: review?(ehsan) → review+
Assignee | ||
Comment 3•13 years ago
|
||
Fixed nits.
Attachment #509015 -
Attachment is obsolete: true
Attachment #509263 -
Flags: review+
Assignee | ||
Comment 4•13 years ago
|
||
Comment on attachment 509263 [details] [diff] [review] patch v2 Requesting approval. This is a softblocker and wanted for 2.0.
Attachment #509263 -
Flags: approval2.0?
Assignee | ||
Updated•13 years ago
|
Whiteboard: [softblocker]
Reporter | ||
Updated•13 years ago
|
blocking2.0: ? → final+
Updated•13 years ago
|
Attachment #509263 -
Flags: approval2.0?
Assignee | ||
Comment 6•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/2ff5b8624463
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 7•13 years ago
|
||
(Wrong link, should be http://hg.mozilla.org/mozilla-central/rev/37094ed97c9e)
Updated•13 years ago
|
Flags: in-testsuite+
Target Milestone: --- → Firefox 4.0b12
I had a look at the current revision of the file sanitize.js and noticed a weird mixture of Cc and Ci and Components.classes and Components.interfaces That file could use a check and cleanup Some examples: 140 var cookieMgr = Components.classes["@mozilla.org/cookiemanager;1"] 141 .getService(Ci.nsICookieManager); 208 const Cc = Components.classes; 209 const Ci = Components.interfaces; 210 var cacheService = Cc["@mozilla.org/network/cache-service;1"]. 211 getService(Ci.nsICacheService); http://mxr.mozilla.org/mozilla-central/source/browser/base/content/sanitize.js
Assignee | ||
Comment 9•13 years ago
|
||
Yup, feel free to file a bug and patch!
Comment 10•13 years ago
|
||
Just one question, shouldn't be this functionality also added under Options->Privacy->"Show Cookies.."->"Remove All Cookies"? When user click this button expects all cookies to be deleted including LSOs, since ff4 will now support deleting of LSOs.
Comment 11•13 years ago
|
||
Still reproduceble on Mozilla/5.0 (Windows NT 6.1; rv:2.2a1pre) Gecko/20110404 Firefox/4.2a1pre. The .sol files are not deleted when the Tools > Clear Recent History item is clicked. I have to delete manually the .sol files.
Comment 12•13 years ago
|
||
I also can still reproduce. I think this bug needs to be reopened.
Comment 13•13 years ago
|
||
Vlad or Will, can you please tell me which URL you are using to test this fix?
Comment 14•13 years ago
|
||
I have accumulate some history (random pages), no specific URL.
Comment 15•13 years ago
|
||
(In reply to comment #14) > I have accumulate some history (random pages), no specific URL. Can you please tell me a Flash application which definitely stores a Flash cookie on disk? Should be one of those entries from within your history. Thanks.
Comment 16•13 years ago
|
||
Any URL will produce these results for me, but Gmail and YouTube are a couple in specific.
Comment 17•13 years ago
|
||
Youtube for example. I have tried on the latest build, Mozilla/5.0 (Windows NT 6.1; rv:6.0a1) Gecko/20110501 Firefox/6.0a1 and the issue it's still reproducible. After clearing the History, the lso's are still present in the Macromedia folder under Win7. (Users/user/Appdata/Roaming/Macromedia/FlashPlayer/#SharedObjects/"random created directory/)
Comment 18•13 years ago
|
||
Ok, was able to get it to reproduce on OS X with Fx4 final. No .sol files are getting deleted via the clear recent history dialog or on shutdown. Same with Aurora or Nightly builds.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 19•13 years ago
|
||
Make sure you have Flash 10.2 or newer, as Adobe only seems to have implemented the interface there.
Comment 20•13 years ago
|
||
That has already been told in comment 0. So I'm aware of it. Just for reference here my installed version of Flash: Version: 10.2.159.1 Shockwave Flash 10.2 r159
Comment 21•13 years ago
|
||
I see this on Linux as well with: Mozilla/5.0 (X11; Linux i686; rv:6.0a1) Gecko/20110502 Firefox/6.0a1 and: Shockwave Flash File: libflashplayer.so Version: Shockwave Flash 10.2 r159 Steps to reproduce: 1. Delete ~/.macromedia and ~/.adobe 2. Close all browsers. 3. Start Nightly and create a fresh profile (./firefox --profilemanager) 4. Start with that profile and go to youtube.com 5. Start playing any video. 6. Open a new blank tab and close all other tabs (no need to watch any of the video). 7. Go to Tools -> Clear Recent History... 8. Select "Everything" for the time range and check all options, then "Clear Now". 9. Close the browser. 10. cd ~/.macromedia 11. ls --recursive Results: ================================================ ~/.macromedia$ ls --recursive .: Flash_Player ./Flash_Player: macromedia.com #SharedObjects ./Flash_Player/macromedia.com: support ./Flash_Player/macromedia.com/support: flashplayer ./Flash_Player/macromedia.com/support/flashplayer: sys ./Flash_Player/macromedia.com/support/flashplayer/sys: settings.sol #s.ytimg.com ./Flash_Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com: settings.sol ./Flash_Player/#SharedObjects: H73THJQY ./Flash_Player/#SharedObjects/H73THJQY: s.ytimg.com ./Flash_Player/#SharedObjects/H73THJQY/s.ytimg.com: videostats.sol ================================================ The ~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol file is for the global settings of the Flash player and doesn't reveal any private information as far as I can tell. The ~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol file is for that site's individual settings (such as "always ask to use the webcam"). The file itself I don't think reveals any private information, but clearly the directory name does. The ~/.macromedia/Flash_Player/#SharedObjects/H73THJQY/s.ytimg.com/videostats.sol is the site's cookie which could reveal a number of pieces of private information (and obviously the directory name does as well). The last two files can be seen in the Flash Settings Manager here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html#117645 and here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html#117717 The ~/.adobe directory also gets created again but there don't seem to be any files in there. cd ~/.adobe ls --recursive ================================================ ~/.adobe$ ls --recursive .: Flash_Player ./Flash_Player: AssetCache ./Flash_Player/AssetCache: 269N8LUX ./Flash_Player/AssetCache/269N8LUX: ================================================
Comment 22•13 years ago
|
||
Josh, can you take a look, please?
Comment 23•13 years ago
|
||
I believe the functionality in question here is supported only in Flash 10.3. Can someone confirm that it works with the Flash 10.3 beta or release candidate?
Comment 24•13 years ago
|
||
(In reply to comment #23) > I believe the functionality in question here is supported only in Flash 10.3. > Can someone confirm that it works with the Flash 10.3 beta or release > candidate? I just tested the functionality in Nightly 2011-05-04 and Flash Player 10.3.181.5 RC 1 from FileHippo, and the LSOs do clear properly on browser exit along with the regular cookies.
Comment 25•13 years ago
|
||
(In reply to comment #23) > I believe the functionality in question here is supported only in Flash 10.3. > Can someone confirm that it works with the Flash 10.3 beta or release > candidate? Also checked the web today and you are right. It's not Flash 10.2 we have to test with but Flash 10.3: https://threatpost.com/en_us/blogs/chrome-ie-give-users-ability-delete-flash-cookies-050411 Vlad and Daniel, can you both please test on your platform? I will check on OS X. For now I will mark this bug as fixed again.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
Whiteboard: [softblocker] → [softblocker][requires Flash 10.3]
Comment 26•13 years ago
|
||
After repeating the steps from comment17, there are no LSO's in the folder, not even if I watched some youtube clips, instead in that folder are some SOL files, and these cannot be deleted only manual. I don't know if this is intended or not.
Comment 27•13 years ago
|
||
Works fine for me now with Flash 10.3RC1 and Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Any files including the .sol files are getting deleted under: ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects Only the one .sol file under the following folder remains because it seems to contain some general settings: ~/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys Vlad and Daniel, can you please re-test on Windows and Linux? Thanks.
Comment 28•13 years ago
|
||
Works fine for me using the latest flash 10.3 rc on: Mozilla/5.0 (Windows NT 6.1; rv:6.0a1) Gecko/20110511 Firefox/6.0a1 and also on: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0a1) Gecko/20110511 Firefox/6.0a1 Due to some technical issues, I couldn't see if it's working or not on Ubuntu. Perhaps Daniel Cater will help us in this matter so that the status can be changed to Verified Fixed
Comment 29•13 years ago
|
||
I didn't test it earlier because I hadn't worked out where in the home directory to install the release candidate (so that the stable version stayed in /usr). Turns out $HOME/.mozilla/plugins/ is the place, but it doesn't exist by default. Looks like 10.3 final was just released, so I tested with that (Shockwave Flash 10.3 r181). Following the same steps as I did in comment 21, I can see that this is fixed. The directories and files that contain private information disappear from the filesystem, and also from the Flash settings manager. People on Firefox 4 and above should see the benefits of this once Flash 10.3 is pushed out as an update by Adobe.
Comment 31•13 years ago
|
||
This change had a destructive effect on my flash local shared objects, as I upgraded to the newest firefox 4 + flash plugin 10.3. It was only games, so I don't care that much. I would have thought that the flash shared objects could be a subset of the cookies/history thing, so as to be controlled separately. The cookies could have the same kind of Settings button that history has. The upgrade of a "keep cookies until I close firefox" could have been mapped to a "keep cookies until I close firefox" with settings containing a deselected flash shared obj checkbox, with the same cookie settings effecting the "clear history when firefox closes". It is difficult (impossible?) to reproduce the behaviour I would like, which is to remove all cookies and history at each browser close, with the exception of local shared objects, which I'd like to keep.
Comment 32•13 years ago
|
||
Claudio please file a new bug for it. This bug is closed. Thanks.
You need to log in
before you can comment on or make changes to this bug.
Description
•