702415 - Clearing site preferences shouldn't clear cookie exceptions

Status: NEW

(Firefox :: Settings UI, defect)

Description

[Chucky Ellison]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Build ID: 20111104165243

Steps to reproduce:

- Uncheck "accept cookies from sites"
- Add cookie exceptions
- Check "clear history when firefox closes"
- Check "site preferences" in clear history settings
- Restart firefox



Actual results:

Any cookie exceptions added to the list have now been deleted.  The cookie exception list is blank


Expected results:

It should not have deleted cookie exceptions.  While these might literally be "preferences about sites" they aren't functionally the same thing.  They are very different in nature from, for example, how much I zoom (ctrl+) on a website.

Why would anyone want to delete cookie exceptions when the browser closes?  I added them using a specific dialog box.  I should only be able to delete them from that box.

Right now there is no way to avoid site settings being saved and use cookie exceptions to whitelist sites.  This is a serious privacy violation.  Site settings websites are listed in plaintext in the contents-prefs.sqlite database.  For privacy reasons, it is important to be able to delete these when closing firefox.  However, whitelisting websites for cookies is also necessary for privacy. 

At the very least, deleting site history should not delete cookie exceptions.

An alternative solution would be to generalize the exceptions mechanism.  It would be nice to say "here is a list of special websites", and then be able to say 
- delete cookies, except from those websites
- block cookies, except from those websites
- do not keep site preferences, except from those websites
etc.  This would be a much more general mechanism.

Comment 1

[Mardeg]

Just a note that apart from the original dialog box, cookie exceptions can now also be set from about:permissions and from a webpage right-click -> Page Info dialog, "Permissions" section.

However I don't think this makes it any clearer that the "Site Preferences" checkbox includes cookie exceptions. It just seems that someone in UX decided it'd clutter the dialog by instead adding checkboxes for each of Cookie exceptions, Zoom level, Image loading, Popup exceptions, Share Location, Secure Connection, Activate Plugins and Theme/Extension installation!

Comment 3

[Jesse Ruderman]

I wonder if cookie exceptions should grow into site-preference exceptions.  If I want to keep cookies for one site, I probably want to keep its zoom level too.