327487 - Protect cookies from USER deletion by domain/path

Status: RESOLVED WONTFIX

(Core :: Networking: Cookies, enhancement)

Description

[Brian 'netdragon' Bober]

Related to but different than bug 149544, but protect cookies by domain/path from USER deletion when they choose "Remove all cookies". This would not protect cookies from SITE deletion through http headers or javascript. This would not keep cookies from expiring. Users would have to somehow intentionally override the setting (perhaps through a "View protected cookies" dialog with a "Clear protected cookies" button)

This would affect new cookies, and existing cookies.

This would be a useful feature for web developers since we constantly have to "Remove all cookies" and this closes our sessions.

I've tried extensions for this, and they don't work.

Please don't hold back this bug back by discussing a front-end. As long as we can call some chrome JS function, and handle this through about:config, then the front-end can come later or through a 3rd party extension.

Comment 1

[Brian 'netdragon' Bober]

This is a back-end bug, btw. Unlike bug 149544, which doesn't discuss a method for excluding cookies from "Remove All Cookies", this one clearly defines the site (domain/ip/path) as the method for excluding cookies.

Comment 2

[dwitte@gmail.com]

well, as you point out - this could easily be done with an extension right now, simply by enumerating all cookies and removing those not on a particular list. maintaining such a list will always be intimately tied to the UI, and as such i don't think it's appropriate for inclusion in the backend, without a solid and agreed-upon UI implementation. which i don't see happening.

also, i'd note that if you're trying to delete cookies for a particular site - say if you're a webdev - firefox groups cookies by site, and allows you to remove all cookies within that group with a single keypress.

-> WONTFIX