Closed Bug 1046771 Opened 10 years ago Closed 10 years ago

Removed cookies can unexpectedly re-appear / Cookies cannot be really deleted

Categories

(Firefox :: Private Browsing, defect, P5)

Product:
Firefox
Component:
Private Browsing
Version:
24 Branch
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 823941

People

(Reporter: BM-NBcdiReb2chkdkiKZHH5J9MNdQx6wFEL, Unassigned)

Details

DESCRIPTION:

It seems like cookies can disappear and then magically re-appear when using the cookie exceptions dialog.
Also, it seems impossible to permanently delete cookies.

This violates privacy assumptions that the user has about cookies, and in many cases without the user even knowing it!

I'd assign this high priority because the user is given a cookie deletion dialog that doesn't really delete cookies, thus violating the users privacy.

AFFECTED VERSIONS:

Firefox 24 ESR and Firefox 31 ESR are affected.
Firefox 17 ESR is not affected.
Non-ESR versions not tested.

REPRODUCTION STEPS:

1.: Download and start-up a fresh instance of Firefox. Use a fresh data directory / user profile. Don't import settings from previous installations.

2.: Go to "Edit" → "Preferences" → "Privacy", and select "Use custom settings for history".

3.: Go to "Edit" → "Preferences" → "Privacy", and check "Always use private browsing mode".

4.: Go to "Edit" → "Preferences" → "Privacy", and uncheck "Accept cookies from sites".

5.: Go to "Edit" → "Preferences" → "Privacy" → "Exceptions" and add an exception for a website where you can log in.

6.: Open a new tab and navigate to that website that you've added in step 5, and log in.

7.: While you're still logged in, go to "Edit" → "Preferences" → "Privacy" → "Exceptions", and click "Remove All Sites". This will remove the exception that you've added in step 5.

8.: While you're still logged in, go to "Edit" → "Preferences" → "Privacy" → "Show Cookies", and click "Remove All Cookies". Notice the number of cookies that are actually displayed / removed for the website that you've added in step 5.

9.: Refresh the tab from step 6. You are logged out now.

10.: Go to "Edit" → "Preferences" → "Privacy" → "Exceptions" and add an exception for the same website as in step 5.

11.: Refresh the tab from step 6. Notice whether you're logged in or logged out.

EXPECTED BEHAVIOUR:

In step 8: At least one cookie is displayed.

In step 11: You are logged out.

ACTUAL BEHAVIOUR:

In step 8: Zero cookies are displayed.

In step 11: You are logged in.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.