Open Bug 284315 Opened 19 years ago Updated 3 months ago

Support ignoring whitelisted sites when clearing cookies.

Categories: Firefox :: Settings UI, enhancement (x86, Windows XP)

Tracking: Future

People: Reporter: u88484, Unassigned

If you allowed Firefox to keep cookies of a certain site, you wouldn't want to
sanitize the cookies that you have allowed, only ones that you haven't.
A status "Allow and protect against automatic deletion" instead of "Allow" would
be nice.
These would only be deletable via Options-> Cookies-> [View Cookies] and not via
"Sanitize Firefox" or [Clear Cookies Now].

How much a common user would understand of this is another thing though.
They probably don't even understand what a Sessioncookie is.
My guess is that they probably never even look at the Cookies options.

(I have very mixed feelings about this bug)

That's why I suggested by default that only cookies that are not on the exception
list get deleted. Most users won't have anything on the allowed list anyways but
the more experienced users may have cookies on the exception list...and
those are what should not be deleted when you clear the cookies. They were added
to that list for a purpose, because that user wanted those cookies and
definitely does not want them deleted automatically.

I too have mixed feelings.  Perhaps the "Clear Cookies Now" button should always
delete ALL cookies, and the "Sanitize" button shouldn't delete cookies in the
allowed list.  The sanitize dialog would have to have some sort of note about
this, and it should probably be configurable by a hidden preference (to
configure whether sanitize deletes all cookies or not).  But there could be
controversy if people get upset over the fact that sanitize doesn't completely
sanitize Firefox...

There are "good" cookies and there are "bad" cookies.
I currently maintain a "PermanentCookies.txt" file of my "good" cookies.  When I
exit FF, I use a batch file to delete cookies.txt, copy my PermanentCookies.txt
to my profile, and then rename it to cookies.txt.  Sort of klutzy, but it works.
I think this is what the reporter is suggesting that FF do for us.  Maybe a
checkbox for each cookie that indicates "this is a good cookie, don't delete it".

Summary: Allowed cookies should not be deleted when Cookie sanitize is seleted and used → Allowed cookies should not be deleted when Cookie sanitize is selected and used

What about if, in the Sanitize Settings dialog, right under the Cookies option,
there's a "sub option" that says "But not cookies in my allow list"? As Tom
pointed out, people might get upset if Sanitize doesn't completely sanitize
Firefox...but it already follows the options in that list. So why not just add
another option in there that specifies whether the allow list is sanitized? I
know we're trying to keep the Prefwindow simple enough for Joe User to
understand, but it seems to me that this is as clear as the "Common JavaScript
Annoyances" checkbox.

Just a thought...

How about just renaming it to something along the lines of 'Cookies not on
exceptions list' and changing it so that only cookies not on the exceptions list
are deleted.

Summary: Allowed cookies should not be deleted when Cookie sanitize is selected and used → Allowed cookies should not be deleted when sanitize cookies is selected and used

This is my first time making a comment here.. but this is something I believe in
strongly. I have really enjoyed Firefox removing all cookies except the ones in
my exceptions list. What's the point in having exceptions if it removes them all
or you have to leave them all or remove them one at a time? Exceptions would
become worthless wouldn't they? If I'm wrong then I welcome more info on why.

(In reply to comment #6)
> How about just renaming it to something along the lines of 'Cookies not on
> exceptions list' and changing it so that only cookies not on the exceptions list
> are deleted.

I don't think that's a good idea either. What if I use the exception list so
that it blocks every cookie except for Bugzilla cookies, for the current
session. But I *also* want those cookies cleared out every time I close Firefox.
I think there should be a way to say "I want every cookie cleared out" and a way
to say "I want every cookie but the exceptions to be cleared out".  Does/would
anybody use the exception list this way? 

This kind of dovetails into IceDogg's comment about how the exception list would
become worthless. Remember that the exception list is also used for blocking
cookies. (The exact opposite of how you use it.) So the exception list wouldn't
be worthless if you used it to just block certain sites you didn't like.

I still think the best solution would be to have a sub-option for the cookies
option in the sanitize settings dialog. It would allow for those that want all
cookies cleared and those that want certain cookies saved.

(In reply to comment #8)
> (In reply to comment #6)

> I still think the best solution would be to have a sub-option for the cookies
> option in the sanitize settings dialog. It would allow for those that want all
> cookies cleared and those that want certain cookies saved.

I think that would be great!! That's all I ask for really. And the certain
cookies would be the ones in the exceptions list as allowed.

Note that the difference between selectively clearing cookies via a regexp vs.
dumping all cookies is quite large.  We'd basically have to read each cookie, do
a permission manager check against the host, and if it matches, we skip it. 
That's a lot slower than nsICookieManager.removeAll.  As a result, this cannot
be fixed anytime soon.  The right fix is to add a method on nsICookieManager2 to
clear all non-whitelisted cookies.  Trying to implement this in the frontend
will never be viable, so at best this is Future, to be dependent on a backend
solution for this (which isn't going to happen in the Gecko 1.8 cycle).  UI for
this is debatable, or whether we should just have a buried pref for how
removeAll works.  (i.e. network.cookies.removeAllIgnoresWhitelist.)

-> nobody@m.o, for now, until there's a backend solution.
-> Future, since it's after 1.1 at best.
-> Enhancement, since it's intended behaviour, not a bug.

Note: I think this is almost trying to skin a cat via another means.  If your
desire is to still accept cookies, but clear everything except certain
whitelisted sites, we already do this in another form.  If you add sites to
Allow then the keep cookies setting is ignored for cookies from that site.  So
you can set up Firefox already to allow cookies only for the current session,
and whitelisted sites will happily ignore that and store persistent cookies. 
When you exit Firefox, all session cookies are dumped, so everything's gone.
Assignee: bugs → nobody
Severity: normal → enhancement
Summary: Allowed cookies should not be deleted when sanitize cookies is selected and used → Support ignoring whitelisted sites when clearing cookies.
Target Milestone: --- → Future
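
The per-cookie check described in the comment above, as an added sketch that is not part of the original thread and is not Gecko code. It models the cookie store and the permission list as plain data (all names, hosts and values are constructed) and assumes an allow entry also covers subdomains of the listed site.

```javascript
// Constructed sample data; hosts and permission values are illustrative only.
const ALLOW = "allow", DENY = "deny", SESSION = "session";

const permissions = new Map([
  ["bugzilla.example.org", ALLOW],
  ["example.com", ALLOW],
  ["ads.example.net", DENY],
  ["shop.example.net", SESSION],
]);

const cookies = [
  { host: "bugzilla.example.org", name: "login" },
  { host: ".example.com", name: "prefs" },     // domain cookie
  { host: "mail.example.com", name: "sid" },   // subdomain of an allowed site
  { host: "shop.example.net", name: "cart" },  // session-only, not "allow"
  { host: "tracker.example.net", name: "uid" },
  { host: "notexample.com", name: "x" },       // suffix look-alike, not a subdomain
];

// Walk from the cookie's host up through its parent domains and return the
// first permission found. Matching is on whole labels, so "notexample.com"
// never matches the entry for "example.com".
function lookupPermission(perms, host) {
  let h = host.replace(/^\./, "").toLowerCase();
  while (h) {
    if (perms.has(h)) return perms.get(h);
    const dot = h.indexOf(".");
    if (dot === -1) return undefined;
    h = h.slice(dot + 1);
  }
  return undefined;
}

// Read each cookie, check its host, and skip (keep) it only when the site is
// explicitly allowed. Deny, session-only and unlisted hosts are all removed.
function clearNonAllowlisted(store, perms) {
  const kept = [], removed = [];
  for (const c of store) {
    (lookupPermission(perms, c.host) === ALLOW ? kept : removed).push(c);
  }
  return { kept, removed };
}

const result = clearNonAllowlisted(cookies, permissions);
console.log("kept:", result.kept.map(c => c.host + "/" + c.name));
console.log("removed:", result.removed.map(c => c.host + "/" + c.name));
```

Every cookie costs at least one permission lookup here, which is the overhead the comment contrasts with a single remove-everything call.
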
(In reply to comment #8)
> I don't think that's a good idea either. What if I use the exception list so
> that it blocks every cookie except for Bugzilla cookies, for the current
> session. But I *also* want those cookies cleared out every time I close Firefox.

If the cookies are on your blocked list then they wouldn't have been saved in the
first place since they are blocked

(In reply to comment #11)
> If the cookies are on your blocked list then they wouldn't have been saved in the
> first place since they are blocked
> 

I meant that I wanted the Bugzilla cookies cleaned out every session too. But
like Mike said, it's not really feasible until the underlying architecture
supports it.

(In reply to comment #10)
...
> Note: I think this is almost trying to skin a cat via another means.  If your
> desire is to still accept cookies, but clear everything except certain
> whitelisted sites, we already do this in another form.  If you add sites to
> Allow then the keep cookies setting is ignored for cookies from that site.  So
> you can set up Firefox already to allow cookies only for the current session,
> and whitelisted sites will happily ignore that and store persistent cookies. 
> When you exit Firefox, all session cookies are dumped, so everything's gone.

Maybe it makes sense to handle all of this in one cookie manager area then
instead of the confusing way it is done now. Just thinking out loud here, and it
is obvious that others are confused on this.

*** Bug 296320 has been marked as a duplicate of this bug. ***

The extension Cookie Culler can do this:

http://www.extensionsmirror.nl/index.php?showtopic=225

sorry for bugspam, long-overdue mass reassign of ancient QA contact bugs,
filter on "beltznerLovesGoats" to get rid of this mass change
QA Contact: mconnor → preferences

related to bug 149544, which describes a more general request of being able to specify which cookies to 'permanently' keep.

Severity: normal → S3