325435 - In Camino, Google sets cookies although cookies are NOT allowed

Status: RESOLVED WORKSFORME

(Core :: Networking: Cookies, defect)

Description

[promo]

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.1) Gecko/20060125 Camino/1.0b2+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.1) Gecko/20060125 Camino/1.0b2+

google sets cookies on my hard disk although cookies are NOT allowed on my hard disk, camino just ignores the settings

Reproducible: Always

Comment 1

[Daniel Veditz [:dveditz]]

Josh: can you confirm this, please.

Comment 2

[Josh Aas]

I can't reproduce this bug in the proper sense, but here is what I think is going on. For some reason, Camino may create backups of its Cookies.txt file. They will be called things like "Cookies-1.txt" and "Cookies-2.txt". If you have a bunch of cookies and those get created, then you remove all cookies and do not allow any more, the original "Cookies.txt" file is cleared but the backups remain. This is indeed a major privacy issue.

Comment 3

[Mike Pinkerton (not reading bugmail)]

could camino do this on its own, outside of gecko? i can't believe we have code that does this in Camino.

smfr? mento?

Comment 4

[Josh Aas]

To clarify, I found 2 of those cookies.txt backup files on my system, and after clearing my cookies and disallowing more, they remained populated with my old cookies.

Comment 5

[Simon Fraser [no longer active]]

I don't see any code that backs up the cookies.txt file.
Josh: where were these backup cookies.txt files?

Comment 6

[Simon Fraser [no longer active]]

Reporter: please provide more information about:
1. How you set cookeies to not be allowed on your hard disk, and
2. How you see that certain cookies remain on your hard disk.

Without more information, we're going to have to close this bug.

Comment 7

[Simon Fraser [no longer active]]

Cookie writing uses nsSafeFileOutputStream, that makes unique temporary files:
http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsFileStreams.cpp#498

This would explain the "backup" files.

Comment 8

[Mike Pinkerton (not reading bugmail)]

-> core, i don't see how this could be camino-only.

Comment 9

[Darin Fisher]

promo@vossberg.info: can you please provide more information about where you found cookies on your hard disk?  thanks!

Comment 10

[promo]

okay, id didn't look on the hard disk, only within preferences menue "show cookies"; there were 4 cookies from google, although camino should not accept any cookies and never did. after i had them delete, went back to the google website, did some requests, but this time no cookies were set! and it hasn't occured since. But i know for sure, that cookies exception was turned off at any time!

Comment 11

[Josh Aas]

See comments #2 and #7. I suggest blocking on this, as leaving copies of the cookies file around is a major problem.

Comment 12

[Simon Fraser [no longer active]]

Josh: you want to morph this bug, or file a new one?

Comment 13

[Mike Connor [:mconnor]]

Is it possible that on first startup (ever) google set these cookies as part of whatever default page camino has/had?

Comment 14

[Josh Aas]

326111 has been filed about the way we write cookies.txt.

Comment 15

[Simon Fraser [no longer active]]

My guess is that they came from the start page, before the user went to the prefs to turn the cookies off.

Comment 16

[Daniel Veditz [:dveditz]]

wouldn't mind a fix, but isn't blocking 1.8.0.2

Comment 17

[Simon Fraser [no longer active]]

Blocking flag no longer relevant.

Comment 18

[Darin Fisher]

-> defaults

Comment 19

[dwitte@gmail.com]

too vague to figure anything out here, would need at least a cookie log demonstrating a cookie was set. see http://www.mozilla.org/projects/netlib/cookies/cookie-log.html for how to create one of these.

marking wfm, please reopen if you can reproduce this again. (the backup file thing is a separate bug as smfr notes)