Closed Bug 450850 Opened 16 years ago Closed 16 years ago

Cookies not cleared when Firefox exits

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: digital56k, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

When the privacy preference "Always clear my private data when I close Firefox" is enabled and the "Settings..." dialog has been set to erase cookies, the latest version of Firefox is not clearing cookies when all instances are closed normally. I noticed this after my banks website mysteriously started managing to remember my user name on return visits days apart.

"Show Cookies" confirms this behavior. Having been used to this feature working in past I generally expect that closing out the browser before visiting sites that I don't lend much trust to will erase all tracking cookies, prevent some types of XSS attacks on authenticated sites and so forth. Apparently that is no longer the case.

I have Adblock Plus, Web Developer, and NoScript extensions installed, but I doubt these are interfering with this function of the browser.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

This works fine for me, also with latest trunk. Please retest with a new profile:
http://support.mozilla.com/en-US/kb/Basic+Troubleshooting#Make_a_new_profile

Ria:

Your comment prompted me to go take a look at the profiles folder. It seems that the latest update to Torbutton (1.2.0) is managing cookies outside of the Firefox cookie system in a file called "cookies-nontor.xml" in the users profile folder, and that although it is possible to manually clear all cookies for a session Torbutton does not forget them and in fact re-instates them next time Firefox is loaded.

Therefor, not a bug in Firefox and definitely some kind of problem in Torbutton add-on.

Thanks for your help :)
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
(In reply to comment #2)
> Ria:
> 
> Your comment prompted me to go take a look at the profiles folder. It seems
> that the latest update to Torbutton (1.2.0) is managing cookies outside of the
> Firefox cookie system in a file called "cookies-nontor.xml" in the users
> profile folder, and that although it is possible to manually clear all cookies
> for a session Torbutton does not forget them and in fact re-instates them next
> time Firefox is loaded.
> 
> Therefor, not a bug in Firefox and definitely some kind of problem in Torbutton
> add-on.
> 
> Thanks for your help :)

Thanks for looking into it and for letting us know.  Have you informed the torbutton authors about this behaviour?  If not, we can make sure they're aware of it - since obviously people who use the addon are more likely than most to be concerned about cookie behaviour as well.
Copying Mike Perry in on this, since he mentions in bug 248970 comment 147 that he is one of the torbutton developers.  Given the email address he used though, I'm not sure he'll see this.
You need to log in before you can comment on or make changes to this bug.