Closed Bug 533985 Opened 11 years ago Closed 11 years ago

If third party cookies are disabled, extensions can't set cookies via the cookie manager


(Core :: Networking: Cookies, defect)

1.9.2 Branch
Not set





(Reporter: mkaply, Unassigned)


Our extension (Optout) sets optout cookies via an addon so a user doesn't have to visit different sites to set them.

We received a report that it wasn't working for some people and when we debugged, we found that if third party cookies are disabled, the cookie APIs silently fail when writing cookies.

Code like fails:

      var now = new Date();
      var expired = new Date(Date.parse("January 1, " + (now.getFullYear() + 10) + " 12:00:00"));

      var cookie = name + "=" + value +
                        ";expires=" + expired;
//      if (domain.charAt(0) == '.') {
        cookie += ";domain=" + domain;
//	  }

      var uri = ioService.newURI("http://" + domain + "/", null, null);

      cookieService.setCookieString(uri, null, cookie, null);

There is another extension that ran into this problem as well:
You are passing a null channel, which is strongly discouraged for just this reason -- that's how we check whether it's a third party cookie or not

But for this use you probably want the nsICookieManager2::add() backdoor instead. The CookieSafe addon (2497) used this, for example.
Closed: 11 years ago
Resolution: --- → INVALID
If you use the direct CookieManager interfaces you are expected to do all the preference checking and sanity checking yourself, use carefully!
You need to log in before you can comment on or make changes to this bug.