Closed Bug 440973 Opened 17 years ago Closed 11 years ago

Firefox 3 always prompts to accept/reject cookie from local html file, even though "Use my choice for all cookies from this site" is checked.

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: dansoper, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0 My Firefox home-page is set to a local copy of my personal website, using the file:// protocol in the URL. The site has three "themes" using different style-sheets, and uses a cookie to remember which of them the visitor has selected. I have Firefox set to ask me whether to accept/reject cookies, and the "Use my choice for all cookies from this site" checkbox is checked so I only see the prompt once per site. Since upgrading to Firefox 3, my local page prompts every time, apparently ignoring the checkbox. The online version of the site is at http://www.dansoper.clara.co.uk - the problem does NOT occur there; Firefox correctly remembers the cookie accept/reject choice. Reproducible: Always Steps to Reproduce: 1. Obtain a copy of my website, including at least one html page, all the CSS files and the Javascript. 2. Open the HMTL page in Firefox 3 3. Visit any other website. 4. When asked whether to allow the site "file://" to set a cookie, ensure the "Use my choice ..." box is checked, and click "Allow" 5. Repeat steps 2 and 3 Actual Results: On step 5 above, the prompt to accept/reject cookie reappears Expected Results: Having checked the "Use my choice ..." box, the prompt should not reappear. Firefox 2 (and earlier) did not have this problem, but it did fail to remember the cookie setting between sessions. (This may have been a bug in the JS that sets the cookie, however.) Firefox 3 does correctly remember the cookie setting between settings.
This does not affect just local pages. I have experienced this more than occasionally (but not "always") with the http protocol. For example, a few minutes ago, I clicked a Google News link to go to http://news.google.com/news/url?sa=t&ct=:ePkh8BM9E0KzgxVohwELPlsAkqAG2g/4-1-0&fp=48c4e5a299472ebb&ei=0lHESJCeDIjO-AHCy_TMAw&url=http%3A//profy.com/2008/09/07/is-chrome-all-about-advertising/&cid=1242681271&npp=POP&usg=AFQjCNFnf_2cbS5DsrRw8FRILJfOD6SBkw The page was taking a while to even start loading, so I switched to a different tab while I waited. When the page finally started loading from profy.com, a domain which I had never previously visited, Firefox automatically switched back to that tab(!), and prompted me if I wanted to accept a cookie. Even though I clicked no, and had "Use my choice..." checked, I was subsequently and repeatedly prompted. On other occasions, it has taken 20 or more clicks to finally be done with the repeated prompting, usually for the same cookie--or at least the same cookie name.
For me, that link redirects immediately to the profy.com address. I do not see any prompt to accept/reject a cookie, but I have opened a page on that site before, so I probably chose to reject cookies back then. So this is only speculation: what you are seeing may be Firefox's normal behaviour, where cookies from sub-domains are prompted for separately. For example, a cookie set by http://profy.com would produce one prompt, but if the page contained images from http://images.profy.com and that domain sets its own cookies, you'd get a separate prompt. (After a quick look through the HTML for the page you linked to, I see two links to a pages at http://openx.profy.com and one to http://www.profy.com, the rest are all to http://profy.com a far as I can see.) It *is* normal behaviour for Firefox to switch to whichever tab contains the page that wants to set the cookie. Some kind of security thing, I think, so you can't be tricked into approving the setting of cookies by a page that's actually loading in the background.
The explanation of switching tabs makes sense. However, the issue is *not* subdomains. As I said before, in some cases, it is *the exact same cookie* (or at least the same cookie name) for which confirmation is being repeatedly prompted.
The bug is due local disk names in form file:///F:/... When trying to add such address in the exception list manually in the options then an exception for f is remembered, i.e. without colon. It is like that parsing of domain name "doesn't know" local disk names. At the same time the repeating confimation dialog asks for site "file://", so may be the cause is parsing of slashes.
Here's how I just reproduced the problem (http://www.americancivicliteracy.org/resources/quiz.aspx via Slashdot but I bet the URL is moot): * Visit website with "Use my choice..." checked. * When first cookie prompt appears, DEselect the "Use my choice..." checkbox * After clicking "deny" several times for the same cookie, recheck the "Use my choice..." checkbox. * Continue to be presented with the dialog box, for the same cookie, despite having rechecked the box. However, I could not re-reproduce the problem by deleting the host from Preferences > Privacy > Exceptions and reloading the page.
I'm still seeing this on Firefox 3.5.1. Comment #5 is IMO a different bug. It looks to me like the site is trying to set several cookies (or the same cookie several times) while the first prompt messagebox is waiting for your input. So although Firefox does remember your choice, there are already several cookies pending for the same domain name. I think comment #4 is on the right track, it does look like a problem with the "file://" protocol.
This also affect tiddlywiki (www.tiddlywiki.com) a free wiki on a stick implementation. To reproduce, download: http://www.tiddlywiki.com/empty.html to local disk (use wget or browse to http://www.tiddlywiki.com and use the download button). Set your Options/Privacy/History/Cookies's Keep Until setting to "ask me every time". Open empty.html and click on one of the tabs in the right hand column. you will be presented with the dialog "The site file:// wants to modify an existing cookie". Regardless of the setting "Use my choice for all cookies from this site", you will keep being pestered by the popup any time you change tabs (or use other cookie based functionality). Expected operation is the same as for the http: url's, if I select "use my choice..." I expect it to be remebered and to not see the dialog pop up. Thanks. -- rouilj Also this has been unconfirmed for a while. Hopefully this reproduction case will get it looked at? Or am I dreaming?
(In reply to comment #7) > This also affect tiddlywiki (www.tiddlywiki.com) a free wiki on a stick > implementation. Forgot the specifics: firefox 3.0.13 on kubuntu linux firefox 3.5.3 on windows XP sp3 Both were started with a clean profile with no plugins etc. -- rouilj
Bug #452575 appears to be a duplicate of this one. The comments there explain the problem well. The cookie exceptions are stored by host name after stripping off the protocol. When you have a local html file the URL begins file:/// which has no host name after removing the protocol. There is therefore no way to store the exception even if you select to remember your choice. This will happen whenever you have an HTML file on your local disk that contains javascript code to set a cookie. An example I have is some browser based documentation that is designed to be downloaded to my disk. It uses javascript to let me expand and collapse an outline view by clicking on links, and that uses a session cookie to keep track of state. Every click brings up a dialog unless I am willing to set my preferences to globally accept every cookie without asking. I would be willing to do that for just session cookies if this bug isn't fixed, but not for permanent cookies too. So an alternate fix that would work for me would be separate "ask every time" preferences for permanent and for session cookies.
I found in about:config the option network.cookie.alwaysacceptsessioncookies that when "ask every time" preference is set if it is set to true then session cookies will be accepted without asking. A closer look at the particular document I was having trouble with showed that the expires property was being set in the cookie, making it permanent. The workaround for this bug is to 1) in about:config set network.cookie.alwaysacceptsessioncookies to true and 2) if an HTML file on disk still gives you trouble, look for "expires= some date" being set in the cookie (for some actual date) and change the code to not set it.
Reporter, are you still seeing this issue with Firefox 3.6.9 or later in safe mode? If not, please close. These links can help you in your testing. http://support.mozilla.com/kb/Safe+Mode http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2010-10-01]
Version: unspecified → 3.0 Branch
Still present in 3.6.9. Still present in Safe Mode (which is a given - see comment 4 above where the cause is identified: what difference could Safe Mode possibly make to this?). This is also quite an easy bug to observe for yourself.
Whiteboard: [CLOSEME 2010-10-01]
Version: 3.0 Branch → 3.6 Branch
Changing "Platform" to "all" and "Version" to "trunk" - comment #8 reports the bug exists in Linux, and I'm now seeing it in Kubuntu with Firefox 4. See also Bug 452575 comment #7.
OS: Windows 2000 → All
Hardware: x86 → All
Version: 3.6 Branch → Trunk
I can confirm that this problem still occurs with Firefox 4.0.1 on Fedora 15.
Can you confirm that this problem occurs in Firfox 6?
Yup. See also comment #12 - you can see this bug for yourself with less effort than it took to write your comment (and far less than it took for me to upgrade Firefox). This bug will continue to exist till it is fixed.
I can confirm this problem still occurs in Firefox 7.0.1 on Mac OS/X. As per comment #7, I ran into this bug when attempting to use tiddlywiki. For me, it is a show-stopping problem. Any chance of extending the Cookie exception mechanism so that it stores per-file exceptions for the file: protocol? Or (much simpler) just add a checkbox in Privacy Settings to "Allow local files to set cookies"? Or (simpler still) just have the above without a settings GUI as a boolean in about:config? Please? :-)
This seems to be finally fixed in Firefox 21.0? Cookie Exceptions are being added per file.
Seems that way in Ubuntu. Can't really check other platforms. I wonder who fixed it, and why? It's certainly not in response to this bug report.
WFM per reporter
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
As of yesterday, I am absolutely STILL having this problem on a number of different sites with FF 28.0 MacBook Air OS 10.6.8. I'll try the latest update, but if this is STILL not fixed in v29, I'm DONE with FF. In fact, it's so infuriating that I already changed my default browser to Chrome. I'm absolutely sick and tired of having to Force Close Firefox on my Mac with these endless cookie-acceptance loops. By the way, what does "WFM per reporter" mean? Works for me?
I can't believe this bug STILL exists. Nine years and counting. Lasted through about 30 major versions.
You need to log in before you can comment on or make changes to this bug.