Closed Bug 836281 Opened 11 years ago Closed 11 years ago

Third party cookies handling

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
18 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 818340

People

(Reporter: hoffi, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20130116073211

Steps to reproduce:

I tried to find a suitable setting for third-party-cookies:
I want to have my privacy respected, by not letting someone track me all over the net by using cookies. But I also want cookies to be working for iframe-shops or similar.
And then I wanted to submit my solution for this.



Actual results:

The form to describe the solution only allowed 250 characters, which is too little for me.


Expected results:

Give me the possibility to describe the idea.
In lack of a better place, I do this here. Please feel free to close this bug, if you feel that this is inappropriate. But please forward the idea if you like it.

I described the issue above:
My privacy in terms of cookies should be respected. I don't want any website to track me all over the internet. But I DO want that iframes (and iframe-shops) are working (e.g. if they need a session-cookie)
Example:
a.com has an iframe pointing to inframe.com and b.com also has an iframe pointing to inframe.com.
Now I can either decide that inframe.com can work with the cookie inside the iframe or not. With the first setting, inframe.com will work, but will also know that I visited both: a.com and b.com.
With the latter setting, inframe.com will not even work.

That's not the best solution for me. What I want, is that inframe.com inside of a.com gets a cookie and inframe.com inside of b.com gets another one. This way, both pages will be working perfectly fine and inframe.com does not even know that I am using both pages at the same time.
Long story short:
Currently, the access-key for the cookie is the server's host. Please change that so that the full host-chain of iframes is used as a key.
IMO this is the perfect way to protect the privacy and have all the iframes working perfectly fine.
3rd party cookie handling improvements like this are bug 818340 (see also bug 818337)
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
818340 is not what I meant here.
In 818340, the third-party cookie can only be set when the outer page already has a cookie. If there are two distinct outer hosts setting a cookie themselves, the third-party page can use the same (own) cookie on both usages.
Here I am requesting that the third-party cookie can be set whether the outer page does set a cookie or not. BUT the third-party can use the cookie only as long as the page is integrated by the same outer host!
Thus this is a different behaviour than the one implemented in 818340 (IMO a better one :-)).
You need to log in before you can comment on or make changes to this bug.