document.cookie needs error when dom.disable_cookie*

VERIFIED INVALID

Status

()

Core
Networking: Cookies
VERIFIED INVALID
15 years ago
14 years ago

People

(Reporter: benc, Assigned: Darin Fisher)

Tracking

Trunk
Future
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
My understanding of javascript is pretty modest, so someone will probably need
to put the right words into my mouth.

What I want is for some kind of javascript error to be sent to console when you
try to use a Cookie via JavaScript, and cannot because the cookie dom prefs are
set to disable access.

This would allow web site developers to avoid things like the "keep re-directing
to my page that sets cookies until I hit the redirection limit". It seems like
it would be reverse compatible with JavaScript cookies current behavior, because
we are just adding an error message a Mozilla-saavy JS coder could trap.

We've gotten that problem reported enough where Darin actually added text to the
re-direction error limit that says "blame cookies". 

I see that as more of a duplicate bug filing preventer than a real solution. I
think we have at least one report of a site that loops to beat its head on the
document.cookie blocking w/ redirects that don't trigger our limit code (maybe
three-way redirects?), which means there are other situations where this create
mysterious and difficult to resolve behavior.

From bug 122866, I know what I am NOT asking for is a security violation,
because I do want execution to continue. Javascript has "throw->catch" handling
of errors right?
This was a conscious decision.  See bug 117707 for the reasoning.
(Reporter)

Comment 2

15 years ago
To demonstrate the problem w/ this, you can look at:

http://www.mozilla.org/quality/networking/testing/cookies/jscookietest.html

Turning off each preference one-by-one, as well as together, you can see how the
results of each test are inconclusive, because error conditions and null cookies
are indistinguishable.

I'm started to look at other browsers, and they don't seem to have a similar
feature, so they don't have this problem.
(Assignee)

Updated

15 years ago
Target Milestone: --- → Future
The dom.disable_cookie* prefs are removed from the tree now, so this bug is
obsolete.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
(Reporter)

Comment 4

14 years ago
VERIFIED/invalid.
Status: RESOLVED → VERIFIED
QA Contact: cookieqa → benc
You need to log in before you can comment on or make changes to this bug.