Cookie Manager: "Server Secure" is unclear

RESOLVED FIXED in mozilla1.7beta

Status

Core
Networking: Cookies
RESOLVED FIXED
16 years ago
12 years ago

People

(Reporter: André Dahlqvist, Assigned: mconnor)

Tracking

Trunk
mozilla1.7beta
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: checklinux)

Attachments

(1 attachment, 4 obsolete attachments)

(Reporter)

Description

16 years ago
In the Cookie Manager, on the Stored Cookies tab, there is a label called
"Server Secure:____". I really think that should be replaced by "Secure Server:
____". Below I will attach a patch that does that.
(Reporter)

Comment 1

16 years ago
Created attachment 51308 [details] [diff] [review]
Patch that replaces "Server Secure:" with "Secure Server:" in both the Cookie Manager and in the help file.
to cookies.
Assignee: blakeross → morse
Component: XP Apps: GUI Features → Cookies
Keywords: patch
QA Contact: sairuh → tever

Comment 3

16 years ago
We are going round in circles here.  Take a look at bug 51145.

I'm not sure I agree with this patch.  "Secure Server" sounds like "secure" is a 
verb (rather than an adjective) and you are going to "secure the server".

Frankly I'm not happy with either "secure server" or "server secure" since 
neither reflects what is happening.  The meaning of this field is that if it is 
"true", then the cookie will not be sent back to a server that doesn't use 
https.  So a correct label would be "send cookie to a secure server only".  But 
abbreviating it to either "secure server" or "server secure" doesn't capture that 
meaning at all.

Therefore I'm marking the target milestone as "future" which is my way of saying 
that it won't get fixed.  If someone can come up with a descriptive word or two 
that can better describe this field, then please post it here and I'll 
reconsider the target milestone.  Maybe just "secure" would do but I'm sure that 
we had that at one time and it got changed.

cc'ing german on this for the usual reason.
Status: NEW → ASSIGNED
Target Milestone: --- → Future

Comment 4

16 years ago
Same wording occurs on all platforms.  Changing platform from linux to all.
OS: Linux → All
(Reporter)

Comment 5

16 years ago
Morse, we are going around in circles because you changed this wording between
version 1.8 and 1.9 without describing why. In bug 51145 Henrik Gemal asked for
the wording to be changed from "Secure Server?" to "Secure Server:". But when
this was checked in it ended up as the horrible "Server Secure".

Comment 6

16 years ago
Oops, you are correct about that.

In any case, I find either wording to be meaningless for the reasons I gave 
above.  Can you suggest something that describes what is really going on?
(Reporter)

Comment 7

16 years ago
How about "Send Securely"?

Comment 8

16 years ago
That would imply that there is something that we would do to the cookie at send 
time to make it secure (such as encrypting it).  It does not convey the concept 
that we won't send it if the site can't receive it securely.

Comment 9

16 years ago
we haven't sparred over this in over a month.
timeless: did you CC us for ideas?

How about "Keep Secret:"?

"Keep Secret: yes" means that we won't do anything to compromise the secrecy of
the cookie. "no" means we don't care.

"Keep Secure" or "Keep Private" might be other options.

Gerv

Comment 11

16 years ago
cc:ing Sean, who's the writer for this area. He's on sabbatical until early
December, so I'll jump in. I like Gerv's suggestion "Keep Secure", or "Secure
Connection".

Comment 12

16 years ago
Created attachment 87806 [details] [diff] [review]
New patch for helpfile and cookie manager with "Keep Secure"
[Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.3) Gecko/20030312]

Some ideas to revive the discussion on this bug:
(They are all keywords: feel free to mix between them!)
* HttpS (sites) only
* SSL (servers) needed
* Secure (connections) checked

Unlike comment 11, I don't like "Keep xxx" because it could be related to the
storage on the user's computer, nor "Secure connection" because (as written in
comment 3) it looks like a verb ("Keep xxx" too!).
Severity should be changed from 'Normal' to 'Trivial'!?

Comment 15

15 years ago
.
Assignee: morse → dwitte
Status: ASSIGNED → NEW
Target Milestone: Future → ---

Comment 16

15 years ago
hmm, adding myself to cc since bugzilla apparently doesn't fwd me bugmail on 
this one, even though it's assigned to me...

I also like Gerv's suggestion, "Keep Secure".

-> mvl since he's the "cookie UI guy" :)
Assignee: dwitte → mvl

Comment 17

15 years ago
"HTTPS only" is short enough and describes this flag quite well, I think. I also
agree that "Keep Secure" could mean lots of things like encrypting on storage
media and such.

Comment 18

15 years ago
The meaning of this field in cookies is too complicated to convey accurately in
a tag line (I'd use "secure-only" if I had to).

What we need to do is find a way of getting the full explanation to the user
easily.
QA Contact: tever → cookieqa
Summary: Bad choice or wording in the Cookie Manager: "Server Secure" should be "Secure Server". → Cookie Manager: "Server Secure" should be "Secure Server"

Comment 19

14 years ago
I've been working on some test cases in this area, after thinking about this
some more, and finding that "secure" cookies can only be sent to an HTTPS
server, I like #17.

Comment 20

14 years ago
How about "Require HTTPS:". It should translate well into other languages as well.
(Assignee)

Comment 21

14 years ago
"Does your grandmother know what HTTPS Only means?"

I don't know if any of the alternatives are any better.  How many users 
understand this flag, let alone care?  And would a different string really make 
any usability difference?  Most people would still need to look at the Help 
file to understand this.   Keep Secure is probably the best of the bunch, IMO.

Comment 22

14 years ago
Created attachment 143010 [details] [diff] [review]
patch. alternative approach using tooltip

Updated

14 years ago
Attachment #143010 - Flags: review?(timeless)

Comment 23

14 years ago
Comment on attachment 143010 [details] [diff] [review]
patch. alternative approach using tooltip

timeless, please do review this if you so desire, but i think mconnor should
look at this too
Attachment #143010 - Flags: review?(timeless) → review?(mconnor)
(Assignee)

Comment 24

14 years ago
Comment on attachment 143010 [details] [diff] [review]
patch. alternative approach using tooltip

Adding a tooltip would be quite inconsistent with pretty much the rest of the
Navigator UI (excluding toolbars, obviously).  Being inconsistent for something
as obscure as this flag is a bad idea.  If someone is curious, the Help file
does have an excellent description of what this does.

I'm almost in agreement with Morse's original assessment that there really isn't
a good fix for this.  HTTPS Only actually is the closest to what it does, but
is that any more clear?

I'm almost thinking we should just mark this WONTFIX and move on to more
important things.
Attachment #143010 - Flags: review?(mconnor) → review-

Comment 25

14 years ago
-> wontfix
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → WONTFIX
I'm sorry, I don't agree. Just because it can't be perfect doesn't mean it can't
be better. If we want to move on, let's switch to "Keep Secure" using attachment
87806 [review], as several people seem to think that's an improvement.

Gerv
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Comment on attachment 87806 [details] [diff] [review]
New patch for helpfile and cookie manager with "Keep Secure"

r=gerv. Who's the module owner associated with Cookies these days?

Gerv
Attachment #87806 - Flags: review+

Comment 28

14 years ago
darin's the MO, i'm a peer. mconnor's the UI guy, so i think any patch that
touches cookiemgr should have his blessing.

mconnor, what do you think of the patch gerv r+'ed?
(Assignee)

Comment 29

14 years ago
the problem with "Keep Secure" that became apparent to me later is that it
implies that we're keeping it in some sort of secure storage.  If we're going to
change for the sake of changing it, I think HTTPS Only would be the better choice.
Assignee: mvl → mconnor
Status: REOPENED → NEW
(Assignee)

Comment 30

14 years ago
Comment on attachment 87806 [details] [diff] [review]
New patch for helpfile and cookie manager with "Keep Secure"

This really would be misleading/confusing.  We don't keep these cookies in any
sort of secure format.

Better solution forthcoming.
Attachment #87806 - Flags: review+ → review-
(Assignee)

Comment 31

14 years ago
Created attachment 143117 [details] [diff] [review]
patch

Instead of 
Server Secure: yes || Server Secure: no
Use
Send For: Encrypted connections only || Send For: Any type of connection
Attachment #51308 - Attachment is obsolete: true
Attachment #87806 - Attachment is obsolete: true
Attachment #143010 - Attachment is obsolete: true
(Assignee)

Updated

14 years ago
Attachment #143117 - Flags: review?(mvl)
(Assignee)

Comment 32

14 years ago
Created attachment 143120 [details] [diff] [review]
patch v2 including dialog update
Attachment #143117 - Attachment is obsolete: true
(Assignee)

Updated

14 years ago
Attachment #143120 - Flags: review?(mvl)
(Assignee)

Updated

14 years ago
Attachment #143117 - Flags: review?(mvl)
Comment on attachment 143120 [details] [diff] [review]
patch v2 including dialog update

>Index: mozilla/extensions/cookie/resources/content/cookieAcceptDialog.js
>         document.getElementById('ifl_isSecure').setAttribute("value",
>                                                                  cookie.isSecure ?
>-                                                                    cookieBundle.getString("yes") : cookieBundle.getString("no")
>+                                                                    cookieBundle.getString("forSecureOnly") : cookieBundle.getString("forAnyConnection")
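
Review bot: The added line in cookieAcceptDialog.js looks up two new string keys, "forSecureOnly" and "forAnyConnection", and nothing in the quoted hunk shows where they are defined; the patch should add both to the properties file behind cookieBundle, and any other caller that still reads "yes"/"no" for the isSecure field should be switched in the same change so the dialog and the Cookie Manager show the same wording. The line would also be easier to read if the ternary result were assigned to a local variable before the setAttribute call on 'ifl_isSecure'.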

This line is getting pretty long...

Anyway, i think this improves the wording, so let's go for it. r=mvl
Attachment #143120 - Flags: review?(mvl) → review+
(Assignee)

Comment 34

14 years ago
Comment on attachment 143120 [details] [diff] [review]
patch v2 including dialog update

alec, this one is pretty trivial if you have time before freeze...
Attachment #143120 - Flags: superreview?(alecf)

Comment 35

14 years ago
Comment on attachment 143120 [details] [diff] [review]
patch v2 including dialog update

sr=alecf
Attachment #143120 - Flags: superreview?(alecf) → superreview+
(Assignee)

Comment 36

14 years ago
updating bug summary since Secure Server was rejected around 2002

checked in 03/07/2004 00:25
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
Summary: Cookie Manager: "Server Secure" should be "Secure Server" → Cookie Manager: "Server Secure" is unclear
Hardware: PC → All
Target Milestone: --- → mozilla1.7beta
(Assignee)

Updated

14 years ago
Blocks: 216743

Comment 37

14 years ago
V/fixed: Mac OS X, Mozilla 1.7rc2.
Keywords: verifyme
Whiteboard: checkwin checklinux

Comment 38

13 years ago
V/fixed: mozilla 1.7.2/Win XP
Keywords: verifyme
Whiteboard: checkwin checklinux → checklinux