"browser.cookies.remove" method does not remove all cookies

RESOLVED DUPLICATE of bug 1362834

Status

()

Toolkit
WebExtensions: General
P3
normal
RESOLVED DUPLICATE of bug 1362834
9 months ago
8 months ago

People

(Reporter: AuroraBorealis, Unassigned)

Tracking

53 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [cookies][triaged])

(Reporter)

Description

9 months ago
User Agent: Mozilla/5.0 (Windows NT 10.0; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

 Some internet pages (google.com or ups.com) provide "semi - permanent" cookies that cant be removed by this method (google => url: ".google.com" name:"NID"). This behaviour could be also a BUG in the cookie collection class. Only if the privacy settings in firefox are set to "custom settings" and the option "accept only 3rd party cookies from visited sites" is enabled, all cookies from the collection can be removed via "browser.cookies.remove".


Actual results:

The cookies are not removed but they are still listed. The internet page that stored the cookie create a new cookie of the same type next time this site is visited.


Expected results:

the browser.cookies class of the API has to be extended by a method "removeAll" that removes all cookies : 3rd party cookies of visited as well as cookies for not - visited internet pages (perhaps: google => google.de visited but 4 cookies are stored for 2 x google.com and 2 x google.de)

Updated

9 months ago
Component: Untriaged → WebExtensions: General
Product: Firefox → Toolkit

Comment 1

9 months ago
Hi Dan,

Who is the person who we should talk to about the overall desired cookie handling behavior / pref configuration combinations.

we have another similar cookie handling question in bug 1362834.  
another webextension+ bug related to this cookies pref... bug 1322113.

before we start changing - want to discuss desired interactions.
Flags: needinfo?(dveditz)
See Also: → bug 1362834, bug 1322113
Whiteboard: [cookies]

Comment 2

9 months ago
As mentioned in bug 1362834, the google cookie that cannot be removed with cookies.remove() comes from a request to safebrowsing.google.com, which happens internally and comes not from a site a user visits.
Thanks for the update Matthias. I'm still not sure what the ramifications of that are. Is that expected behaviour, that a WebExtension would not be able to remove that cookie?
If this is just about not being able to remove the Google safebrowsing cookie then it's a dupe of bug 1362834, and I don't think we want to change the behavior. But the first words of the description here were "Some internet pages (google.com or ups.com) provide..." and something about the "accept only from visited" option. Bug 1362834 wouldn't have anything to do with UPS.com, but I can't tell from the description what the problem with ups.com is supposed to be. The problem statement in this bug is unclear, needs "steps to reproduce" that are actual "steps".

(In reply to :shell escalante from comment #1)
> Who is the person who we should talk to about the overall desired cookie
> handling behavior / pref configuration combinations.

Schedule something with me and Paul Theriault -- probably should be a formal "PI Request" to get it onto our schedules. Unfortunately Tanvi is out for a few months, but maybe we should rope in Jonathan Kingston, too.
Flags: needinfo?(dveditz)
(Reporter)

Comment 5

9 months ago
Hi,

> The problem statement in this bug is unclear...

Problem: 

The function call "browser.cookies.remove" acts different from the feature "clear all cookies" available from "Extra -> Settings -> Privacy -> dialog cookies". The end user / customer expects the same results for both ways.

Steps to reproduce for both ways:

A) 

1. Enable the option "always create a chronik in firefox" in "Settings -> Data privacy".
2. Navigate to "google.com" or "ups.com".
3. Open the dialog from "Settings -> Data privacy -> erase single cookie".
4. Press the button "Erase all cookies".

Result: All cookies have been erased

B)

1. Enable the option "always create a chronik in firefox" in "Settings -> Data privacy".
2. Navigate to "google.com" or "ups.com".
3. call in your addon a function which erases all the cookies via "browser.cookies.remove" function.

Result: NOT all cookies have been erased.

Proposal / Feature request:

Add to the class browser.cookies a method which behaves like the button "Erase all cookies" in the "cookies" dialog from "Settings -> Data privacy".


Best regards

Dipl.-Ing. M. Türschmann

Updated

9 months ago
Flags: needinfo?(sescalante)

Comment 6

9 months ago
thanks Dan for details in Comment 4.

Hi Andy,  Is there anyone besides yourself from the webextension side to you want me to include for the cookie discussion when setting that up?
Flags: needinfo?(sescalante) → needinfo?(amckay)
Please include me in the meeting invite, Shell.
Flags: needinfo?(sescalante)

Comment 8

9 months ago
Shane, Bob and myself please.
Flags: needinfo?(amckay)

Updated

9 months ago
Flags: needinfo?(sescalante)

Updated

9 months ago
Priority: -- → P3
Summary: WebExtensions: the "browser.cookies.remove" method does not remove all cookies → "browser.cookies.remove" method does not remove all cookies
Whiteboard: [cookies] → [cookies][triaged]
This is a duplicate of bug 1362834
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1362834
You need to log in before you can comment on or make changes to this bug.