296084 - Adding an option to allow a single short cookie per domain to be persistent

Status: RESOLVED DUPLICATE of bug 296078

(Core :: Networking: Cookies, enhancement)

Description

[MozillaUser]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.7.8) Gecko/20050511
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.7.8) Gecko/20050511

For good reasons, lots of users either disable cookies or allow them only for
the current session.

However, many websites use cookies to store non personally identifiable
preference configuration such as preferred language, favorite layout,
simple/advanced mode, etc ...

These uses are no threat to privacy and can significantly enhance the user's
experience.

The proposal would add a check box in the UI and corresponding code to allow the
normal policy to be bypassed if a cookie follows all these rules :
- The cookie content is 4 characters or less (too short to store a GUID)
- The cookie is from the originating website only (prevents a long cookie to be
formed by joining short cookies from many domains)
- There is no other cookie stored for that domain, or the other(s) cookie(s) for
the domain are limited to the current session (prevents a long cookie to be
formed by joining short cookies)

The option could be called 'Allow a single short cookie per domain' and be
checked by default (since cookie storage is enabled by default too)

A side effect of the change would be to allow websites to offer a better
experience for privacy conscious Mozilla/Firefox users compared to 'alternative'
browsers, without breaking any standard rules.

Reproducible: Always

Steps to Reproduce:

Comment 1

[Hermann Schwab]

*** This bug has been marked as a duplicate of 296078 ***

Comment 2

[Steve England [:stevee]]

*** Bug 296078 has been marked as a duplicate of this bug. ***