Closed Bug 75915 Opened 19 years ago Closed 16 years ago

whitelist for sites allowed to store (permanent) cookies

Categories

(Core :: Networking: Cookies, enhancement, P3)

enhancement

Tracking

()

VERIFIED FIXED

People

(Reporter: alchemist, Assigned: morse)

References

()

Details

(Keywords: helpwanted)

Attachments

(3 files)

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; 0.8.1) Gecko/20010413
BuildID:    2001041304

The ability to block all cookies except for a selected few (specified by
inputting a site such as msn.com) is a very simple cookie management feature
that needs to be implemented into Mozilla ASAP.  Using MS Internet Explorer, one
can configure his/her Internet zone to block cookies, and then placing sites
they would like to be able to set cookies on their machine in the Trusted zone.
 Zones are not needed, but the same logic stilll applies.  Also note CookiePal
(in the 2nd screenshot on the URL listed above); there is a field to add sites
to accept cookies from, and then for unknown servers, all cookies can be rejected.

Reproducible: Always
Steps to Reproduce:
1. Edit
2. Perferences
3. Advanced -> Cookies

Actual Results:  The cookie manager only allows you to reject cookies from
specific sites, and only after you have received the cookies.

Expected Results:  The ability to block all cookies except for a selected few
(specified by inputting a site such as msn.com) is a very simple cookie
management feature that needs to be implemented into Mozilla ASAP.
*** Bug 75916 has been marked as a duplicate of this bug. ***
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → Future
This may be a duplicate of bug 74257.
Instead of manually entering the sites, the "Unblock Cookies from this Site"
could add the sites if there was a method for blocking by default.
*** Bug 89753 has been marked as a duplicate of this bug. ***
*** Bug 91784 has been marked as a duplicate of this bug. ***
This could be implemented pre-1.0 by simply allowing sites with explicit
permission to set cookies to get/set cookies when "Disable Cookies" is selected.

Or add one more selection, "Disable cookies except explicitly allowed ones."

Shouldn't be much work. It's the same as Enable with the warning, except don't
show the warning, as if the user pressed no, don't accept. No infrastucture changes.
Any takers to un-Future? ;)
Blocks: 91783
OS: Windows NT → All
Hardware: PC → All
Target Milestone: Future → mozilla1.0
Re-targeting... little work for big reward, this is key for 1.0 to make cookie
manager useful to many users. Cc'ing mpt for help on the UI for this.

Thoughts on switching our current "Cookie sites" dialog to something more along
the lines of the UI in the picture (URL)? We have two "Status" that a given site
can be, and I don't imagine a third will be added, so we seem to be waste a lot
of room with the status column, not to mention it's fairly hard to pick out the
"site can set cookies" from all of the "site cannot set cookies" (I have over
500 sites in there). Switching to the two columns, Accept cookies from/Reject
cookies from, would seperate the two groups of domains much better, and allow us
to show twice as many sites on screen at once. Come to think of it, though, this
whole paragraph belongs in a seperate bug.

The real issue at hand is the bottom part of the image, what to do for unknown
servers. Currently, we have:

 ( ) Disable cookies
 ( ) Enable cookies for the originating web site only
 ( ) Enable all cookies

 [ ] Warn me before storing a cookie.

This layout worked fine for NS4, where there wasn't per-site access control, but
it falls short now. My situation: I need (and want) to let 3 sites store cookies
on my machine. If not for those three sites, I would disable cookies outright.
So as-is, I'm stuck on the middle option above, with the "Warn" box checked. As
I mentioned before, I have over 500 sites in my cookperm.txt. This means I've
clicked "No" over 500 times.

There are a number of differant ways to add the UI for this (and I'm sure mpt
can think of some more). We can leave the UI, and have the first option
("Disable cookies") still allow cookies with explicit access to be read and
written. We should mention this prominently, though, so users aren't surprised
they're still sending cookies to some sites.

Or we can add two new options, a soft-disable (still allow accepted cookies to
work) and a hand-enable (even blocked sites will be allowed... might be handy to
turn on temporarily, to use a site you've blocked without having to unblock,
then reblock them.) Wording's a bit rough, but it might go something like:

 ( ) Disable all cookies
 ( ) Disable cookies for all sites except those with explicit access
 ( ) Disable cross-site cookies, and cookies explicitly blocked
 (X) Enable cookies for all sites except those explicitly blocked
 ( ) Enable all cookies
 [ ] Warn me before accepting new cookies.



Or, one last idea, something more radically differant:



 ( ) Disable cookies completly
 (X) Enable cookies
    +--------------------------(greyed out if cookies are disabled above)-----+
    |                                                                         |
    | ( ) Accept all cookies                                                  |
    | (X) Accept cookies except those that I've blocked                       |
    | ( ) Only accept cookies from the originating web site                   |
    | ( ) Only accept cookies I've explicitly allowed                         |
    |                                                                         |
    | [ ] Warn me before accepting new cookies                                |
   |                                                                         |
    +-------------------------------------------------------------------------+
Keywords: helpwanted
Target Milestone: mozilla1.0 → Future
milestone is for assignee. If you want this done sooner than the current 
assignee and you aren't willing to volunteer to do it yourself, please find 
someone to volunteer.  ... But first we need a ui proposal which enough people 
like so the poor volunteer doesn't get lots of complaints after spending lots 
of time implementing something which would be unacceptable to whomever matters.

Category   | Accept | Prompt | Drop | Log
-----------+--------+--------+------+-----
Default    |        |   o    |      |
Cross site |        |        |  o   |  x
-----------+--------+--------+------+-----*The stuff below here is really
Accept     |   o    |        |      |      only useful if you can have an
Prompt     |        |   o    |      |      arbitrary number of categories
Block      |        |        |  o   |

Clicking a category title could check all of the cells in the collumn. 
Accept/Prompt/Drop are mutually exclusive, Log is a bonus which should not 
appear in a distribution (and might not ever be implemented)

but wouldn't it be cool if you could manage your lists by dragging sites from 
one to another:
       Accept       |       Prompt       |          Drop
--------------------+--------------------+------------------------
>foo               <| bar                | baz
 py-ben             | py-yeh             | c-yeh
 eh-ya              | glory              |
 __________________ | __________________ | _______________________

(you could of course drop a bookmark, link, or url-proxy).

if you allow for an arbitrary number of lists, the 2d view becomes unmanagable. 
If bookmarks ever supports aliases (4xp) we could simply make special folders 
and give them permisions. This would probably be the elegant solution, since 
you could have permissions for bookmarks or folders and an easy way to manage 
them.
There are a few workarounds:
- You can open cookies.txt, delete unwanted cookies, save and then mark thr file
read-only. Check, if the file is still read-only after you wuitted Mozilla the
next time, I heard that Windows versions do odd things. However, this workaround
worked fine for me with 4.x Linux.
- You can clear the cookies with the Mozilla UI, then vistied the whitelist
sites, then enable forced session cookies (bug 81226). This will not block
normal cookies, but delete them at shutdown, making them harmless (unless I'm
missing something).
In general: ( ) accept cookies  ( ) decline cookies  (*) ask me

Then the list of cookies, and servers you have accepted/declined cookies from,
can be shown in a single `Exceptions:' table.

Path                  Name            State
-------------------------------------------------
ads.web.aol.com       all cookies     decline
bugzilla.mozilla.org  all cookies     accept
bugzilla.mozilla.org  Bugzilla_login  mpt@mozi...

This would make our cookie UI considerably nicer, since you wouldn't have to
constantly switch between the two tabs.
Re: timeless's UI, I think that's just too complicated. While 'log' is a feature
the junkbuster proxy had, and I'm the one that opened the "add all useful
features from JB to mozilla" tracking bug, that particular feature just isn't
useful even to privacy freaks like me when it comes down to it. As far as
arbitrary number of catagories...we only have three actions we can do, so I
don't see what that buys us, other then making it overly complicated to develop
for developers, and overly compliated to use for users.

Re: mpt's UI, nice attempt, but the pref dialog just isn't big enough to do it
that way =(. You still need to show all the cookie info somewhere... date,
expires, etc... But merging the two tabs under "View Stored Cookies" would be a
good idea, I think.

Since I shot down both of yours, I'll take a stab at my own. Until then, I'm
going to attach a screenshot of the IE6 cookie dialogs, which have some nice
features (and some dumb ones). Things to note:

I don't see much point in being able to block first party cookies, and accept
third party ones.

Always allow session cookies check box. I think there's a bug on adding this.

The privacy slide is kind of stupid and the text is confusing to most users, but
it makes use of P3P in an attempt to give more flexibility. (Though I don't
support the implementation of P3P in Mozilla).
The Edit under Web Sites lets you manually add sites that you allow/block from.
There's a bug on this for us, too.
Attached image IE6 dialogs
we'll definitely do manual adding, and i could imagine the right dialog from 
your picture as a tab in a cookie dialog, but otherwise i don't like the ie 
interface, it's scattered, messy and has that whacky security slider.
Another thing that would be VERY useful in this context:
In the Cookie or Image dialog that appears when you have 'warn me' selected
should also allow for a 'domain' option.  A perfect example:
I go to slashdot.org with 'warn' set, and either 'all' or 'all from host'
selected. I immediately get a question from images.slashdot.org,
images2.slashdot.org etc. asking if they're OK too.

I'd like to see this in the cookie/image dialog:
[ ] Accept/Reject from Domain [...textfield.with.hostname...]
This should be a check button, and the textfield should be greyed out until the
check button is checked, and then people can have 'slashdot.org' there and all
the servers in that domain will be OK (or rejected) depending on the Yes/No
answer you give in the dialog.

This is short, simple, evident, and quite effective.
Hi,

If an UI can't be worked out, as an interim measure how about allowing the ACL
to be checked even if "never accept cookies" is selected, so that it just
becomes the last-resort action in the ACL.

My idea of a swanky UI:

Default cookie action is to:
( ) Accept
( ) Block

[ ] Use per-site cookie management
[ ] Prompt before accepting cookie

(where ( ) == radio, [ ] == checkbox)

I think that's clear enough, and the details can be explained in
context-sensitive help :-)
Of lesser concern is that cookies don't always comes from exactly the same
hostname as the webpage, so "Allow cookies from this site" isn't a complete
solution for people defaulting to blocked cookies.
I don't think the cookie data should appear in the same table as the list of
sites which depart from the default behavior. Presenting two different sets of
information in the same table is confusing.

Bug 53354 needs to be considered here too. I would suggest there should be one
place set the default cookie setting, and a table to set departures from the
default setting.

default choices:
() accept
() accept from originating server
() reject
[] warn me
[] limit cookie lifetime to 
   ()session
   ()__ days

Clicking on a site in the table of exceptions would bring up the "exceptions"
dialog:

from domain mozilla.org:
() accept
() reject
[] warn me
[] limit cookie lifetime to 
   ()session
   ()__ days

All the choices should be available, including whatever the current default
choice is. If the user changes the default choice, the selections the user has
made in the "exceptions" table should remain.

I remember that OmniWeb (a Mac OS X browser) had a pretty flexible and
easy-to-use cookie UI, but I don't have it installed and don't remember exactly
what it was like.
Bug 67580 and to some extent bug 53354 contain discussion about how to make the
cookie UI management less modal. The way I would like to see this is to select
your default policy (accept or deny cookies), and then override this when you
enter a page you don't want to apply your default. The UI for this is already
there (although it could be improved): Tasks|Privacy & Security|Cookie
Manager|Unblock/Block Cookies from this Site.

The only problem is that blocking/unblocking currently doesn't override your
_default_ setting. Changing the order of the tests would be easy, but that would
change the meaning of currently stored cookies... Having a four-way selection
(with "soft/hard-disable/enable") sounds a good solution.

Anyway, I think this (possibility to record per-site accept/deny overrides to
your default) is all that is needed from the backend and it should be
implemented now. How to present this and the other UI improvement details should
be pushed off to another bug to not prevent this new feature from being implemented.

bug 82734 and bug 74257 are also related.
Blocks: 100573
*** Bug 107125 has been marked as a duplicate of this bug. ***
Target Milestone: Future → mozilla1.1
*** Bug 118423 has been marked as a duplicate of this bug. ***
*** Bug 124808 has been marked as a duplicate of this bug. ***
*** Bug 129318 has been marked as a duplicate of this bug. ***
#9 - I don't find a cookies.txt in Mozilla's directories (v0.9.8+)  It looks
like it stores cookies in some kind of binary format.

I don't care how this function looks in the UI but I would very much like the
ability to whitelist cookies AND (the option to?) make all the non-whitelisted
sites "think" they are setting cookies normally when their cookies are actually
never even getting written to disk but to memory where they are erased when the
browser is closed.  This is what happens when you write-protect cookies.txt in
Netscape and I like it very much.

Ideally this function would go one-better than Netscape and redirect ALL
cookie-related requests (from non-whitelisted sites of course) seamlessly to the
"imaginary" cookie file in memory.  I know in some cases (for reasons I never
was able to discern but that I suspect were Java/JavaScript related) certain
sites weren't able to create these "RAM cookies".
Re: comment 23: except for "whitelisting" certain sites, you can already do what
you are describing using the "Limit maximum lifetime of cookies to: current
session" preference setting.
No, you can't.  The best you can do is limit ALL cookies to the current session
except for some few that end up with permanent cookies (accept cookies, let the
site set them, then change back to current session only).  However, this doesn't
account for letting certain white listed sites change or update cookies whenever
they want.

What we want is to deny any site from setting a cookie (or even only letting
them be set for the current session) EXCEPT for some whitelisted sites that can
have changing cookies from session to session.
*** Bug 138947 has been marked as a duplicate of this bug. ***
*** Bug 141435 has been marked as a duplicate of this bug. ***
*** Bug 143880 has been marked as a duplicate of this bug. ***
Priority: -- → P3
Target Milestone: mozilla1.1alpha → mozilla1.2alpha
*** Bug 156858 has been marked as a duplicate of this bug. ***
Target Milestone: mozilla1.2alpha → mozilla1.3alpha
Frankly, this is pathetic.  The original filing of this bug/feature was
2001-04-13. It is now more than a year later. This feature has been requested by
dozens of independent people. To any one half familiar with the mozilla source
code, this is surely a trivial feature to add:  A simple if statement coupled to
a one page form will suffice.  If I had any familiarity with the Mozilla tree I
would do it myself.  Still the target milestone gets bumped farther back (no
it's at Moz1.3; at one pont I think it was destined for 0.9.*).  For privacy and
security I think this is a rather important feature an deserves more effort from
the developers.

Just my 2¢.
Re: comment #30. So get familiar with the tree. You say you're familiar with the
codebase, so...
Compare bug 7380
*** Bug 163904 has been marked as a duplicate of this bug. ***
Summary: Cannot block all cookies EXCEPT for those sites specifically allowed access to place cookies. → [RFE] Block all cookies EXCEPT for those sites specifically allowed access to place cookies.
wesha, please stop adding [RFE] to all bugs that you run into. the severity is
enough to indicate the enhanvement status of a bug. thank you.
Summary: [RFE] Block all cookies EXCEPT for those sites specifically allowed access to place cookies. → Block all cookies EXCEPT for those sites specifically allowed access to place cookies.
My suggestion for a prefs panel would be:


[ ] Enable Cookies

+- By default -------------------------------------------+
|                                                        |
| ( ) Reject cookies                                     |
| ( ) Accept cookies for the originating web site only   |
| ( ) Accept cookies                                     |
|                           ( Manage Execptions )        |
|                                                        |
+------------------------------------------------------- +

... the rest ....

The 'Manage Execptions' would open the cookie manager, with the permissions tab
open. The manager needs an 'add site' button, as in bug 33467.

If we can get some agreement on the UI, someone can start to makeat least the
back-end. And yes, if nobody is working on this I am willing to do it, but I
want to be sure to create an acceptable UI.
Why have the "Enable Cookies" check at all?  It would be simpler to check
"Reject Cookies" and have an empty whitelist for the same thing.  (The extra UI
just gets in the way - unless there's some purpose behind it that's escaping me.)

Also, I think that it should be "Manage Cookie Permissions" rather than "Manage
Exceptions".  "Manage Exceptions" suggests that the sites listed there will
behave the opposite of the radio button you have checked.  (So, with a click,
you change your whitelist to a blacklist and vice-versa.)  "Manage Cookie
Permissions" would still be the same list but, in that list, you would set
whether cookies from those sites are accepted or denied (as per Manage Image
Permissions).
> Why have the "Enable Cookies" check at all?

Let me answer my own question - so you can temporarily disable all cookies, even
those from whitelists, without having delete those entries?  Is there enough of
an interest in this feature for such a thing?  (I'm not sure why I would ever
care to temporarily disable cookies from sites from which I've already said I'd
like to accept them.)

How about, rather than "Enable Cookies" where you put it, an "Enable Cookie
Permissions" in the sub-screen listing the cookies?  It would do the same thing,
but it would remove the somewhat confusing check from where it's currently
proposed and put it directly into the location where it's most obvious what it does.
Yes, the enable cookies checkbox was to be able to turn of all cookies, without
needing to clear the permission list. But that one is open for disccusion. Not
sure anymore if it is needed.

My problem with 'manage cookie permissions' is that is what you are already
doing. You are managing cookie permissions. A button with that text can be
confusing. The permissions dialog are in my opinion exceptions. They don't care
about the general settings, but allow or reject cookies for a specific site. The
behaviour at those sites is clearly listed in the dialog.
Okay, it's just the "exceptions" part that doesn't grab me because even if you
tell it to accept all cookies, you could still have a list of specific sites
that are set to accept cookies.  So those wouldn't be exceptions.  (I don't know
why you'd have this, but it would be possible.)

How about "Manage Sites"?
Blocks: 164421
Manage Sites sounds ok.
We can alse call is 'Manage rules'. If we implement features like wildcart
filtering and regular expressions, that would make sense.

Ans now I think that the 'enable cookies' dialog is not necessary. It is not a
very common situation to browse just for a while without cookies. In that case,
you can use another profile.
When this it's implemented I think adding a button/menu option/popup option for
allow actual server to write cookies.

A little icon on status bar showing the actual server uses cookies will be good
also. The popup could be shown rigth clicking this icon.
NetVicious: that would be a separate bug, possibly depending on this one.
*** Bug 174556 has been marked as a duplicate of this bug. ***
From bug 67580 and bug 174556: I think there should be a check box in prefs that
makes cookies default to session-only and adds a cookie indicator to the status
bar.  Clicking the cookie icon would make existing and future cookies from the
site permanent.  Double-clicking the icon would open some kind of dialog:
cookies from that site, all cookies, or all exceptions.  (This is a replacement
for "ask me before storing a cookie" as well as part of the UI for a whitelist.)
The cookie icon in the status bar is a great idea. Single clicking shouldn't do
a silent action like making cookies permanent though. It should function just
like the security icon.

One click would show a dialog listing all of the cookies that apply to the
current page (just like the security icon).

You could remove any/all, and make any/all permanent.

This would allow you to see what client-side state applies to the current page.
Seems like power users would like this capability.

The icon should be off by default. It would work great with
default-to-session-only setting for power users.
Clicking the icon to accept a cookie as permanent would not be completely
silent.  It would change the appearance of the icon in some way.

I think accepting cookies from a site would be a more common and basic action
than going through the list of cookies from a site, trying to decipher each one,
and exercising a line-item veto when the site is nice enough to use separate
cookies for the things paranoid users want to be separate.  That's why I
suggested single-click to accept cookies and double-click to view a list of cookies.
*** Bug 82734 has been marked as a duplicate of this bug. ***
Summary: Block all cookies EXCEPT for those sites specifically allowed access to place cookies. → whitelist for sites allowed to store (permanent) cookies
*** Bug 74257 has been marked as a duplicate of this bug. ***
My concern is still that a single click should not do something nonobvious, and
take a double-click to find out what. If the user is slow and missed the double
click, they can perform an unwanted action.

This is also highly inconsistent with other toolbar buttons. Single click on the
lock brings up security info. Single click on the plug thingy toggles online
status, easily reversable, and fairly obvious. (Since you'll get a "you are
offline error" if you don't reverse it).

Maybe left click to auto-accept permanently all the cookies on the current page?
And a right click would bright up the info dialog, listing them, and explaining
this stuff.
> Maybe left click to auto-accept permanently all the cookies on the current
> page? And a right click would bright up the info dialog, listing them, and 
> explaining this stuff.

I see nothing wrong with double-click.  There's nothing arduous with doing that
and the main point here is that a single click is far to easy to have happen
accidentally.  A double-click is hardly ever accidental, but it's also quite
simple to perform - intentionally.

Single click should be informational only, as per other functions, for the sake
of consistency.

However, at this point, further discussion is simply repetitive.  Unless
somebody wants to actually submit a patch (about which more discussion can take
place) more dialogue should happen offline.
*** Bug 178048 has been marked as a duplicate of this bug. ***
*** Bug 173490 has been marked as a duplicate of this bug. ***
Actually I think you are all on the right roads - however there needs to be some
pulling together of the ideas:

There are two areas to consider:  Preferences Dialog and Imediate Interface.

The preferences dialog ought to be a place where one can review the current
status and apply all the management functions you desire too.

The Imediate interface should be quick and relatively simple so that it becomes
an accepted part of browsing behaviour, not a frustration to be avoided.

The Preference Dialog needs to allow the specification of the default operation
and show what the current state of affairs is.


Preference Dialog:
 +---------------------------------------------------------------------+
 | SITE                 : #   :  ACCEPT   : WARN :     CONTROLS        +
 +---------------------------------------------------------------------+
 | DEFAULT SETTING      : 763 : None   \/ : [X]  :          {View} |   |
 +-----------------------------------------------------------------+---+
 | bugzilla.mozilla.org : 25  : Persist\/ : [ ]  : {Remove} {View} | - | {up}
 | mozilla.org          : 3   : Any    \/ : [ ]  : {Remove} {View} | | | {Down}
 | sun.com              : 0   : Session\/ : [ ]  : {Remove} {View} | - |
 +-----------------------------------------------------------------+---+
                                                                   {Add}
where
\/ is a dropdond list
{OK} is a button
[x] is a check box
(·) is a radio button
-
|  is a scroll bar
-

The default line would be at the top of the list and specifies the actions that
apply when any cookie from a site not in the list below is recieved.
If the site is in the list below then apply the site specific rules.

The View button allows you to view the contents and of all of the cookies stored
by that site, remove individual cookies, and block individual cookies from being
reapplied.  Basically the current 'Stored Cookies' tab of the cookie manager.

Remove allows the removal of a site from the list - the Default Settings cannot
be removed.

The # column shows the number of cookies each site has stored.

I believe such a dialog would allow complete flexibility at a site level, I
don't think working at the per cooke level is something many people will be
willing to do so it shouldn't clutter the interface.

If anyone had the time it would also be great if the SITE entry could take
wildcards and regular expressions. 


Imediate Interface:
The imediate interface should take the form of a cookie on the status bar that
when double clicked pops up the preference dialog with new line auto-matically
added for the current site, taking the default options, and being scrolled to be
visible.
This would then allow the user just to tweak the settings they want to alter,
press ok, and return imediately to their browsing.

The cookie icon on the status bar could light up every time a site tried to
write a cookie so that it is possible to monitor what is going on non-intrusively.


Finally I'd like to propose that the same style of interface could be applied to
various related areas:
Protocols
Popups
Animations
Sounds
Stylesheets

etc

workaround :

This ought to work on most systems (*nix given as example)
1) open the Cookie Manager
2) keep the cookies you want to have persist - delete all others
3) quit Mozilla
4) find 'cookies.txt' in your profile
5) modify the permissions : chmod 400 cookies.txt
   which will set it to be read-only - also to Mozilla
caveat: the persistent cookies won't be updated

If you want to modify/add cookies to the persistent list:
1) find 'cookies.txt' in your profile
2) modify the permissions : chmod 600 cookies.txt
   which will set it to be read-write - also to Mozilla
3) do as above

results:
1) you'll have a list of persistent cookies
2) all other cookies will be session only no matter your cookie settings
3) the persistent cookies won't normally be modified/updated
> This ought to work on most systems

An easier solution is to allow all cookies just before visiting a site you want
to allow a cookie from, let it place its cookie, then change the setting back to
session only.  This is what I do anyway, and it can be done via the UI.
Every ordinary user isn't going to be a wizard of whitelists.  If nothing else,
observe the straightforward solution done by Cookie Pal for years: you make a
simple set of choices in the preferences as follows:
Cookies from unknown servers:
  O Reject All
  O Accept All
  O Ask for confirmation

There simply must be a method implemented NOW to get rid of the bulk of the
stupid cookie dialogs (which incidentally should say Accept, Always accept,
Reject, Always Reject)!
*** Bug 184059 has been marked as a duplicate of this bug. ***
Ya know...<p>
I think Mozilla should really have something like MSIE's browser helper
objects--pieces of code that run whenever the browser navigates, sends a
request, etc.  The BHO code can look at the outgoing and incoming HTTP headers
and modify them as it wishes.  That would make it possible to implement any
desired cookie management behavior in XUL and connect it up to the Preferences
Toolbar (http://www.xulplanet.com).  <p>
A BHO-like feature would also allow conveniently rewriting clickthrough URL's to
not redirect through the ad server, and all kinds of other things that are now
done in messy ways with external ad-blocking proxies.<p>
It would also be desirable to have some kind of dbm interface accessible to user
scripts, if there isn't one already (I'm not a mozilla wizard, just a relatively
newbie user).  
Bug 173490 is said to be a dupe of this one, but there's a subtle aspect in it
that I don't see here.  (Apologies if I've missed this in the comments
somewhere.)  173490 asked simply for the ability to always accept session cookies.

The UI Duncan describes in comment #53 seems to enable that, but I'd like to
clarify something.  Does selecting Session under ACCEPT mean that Mozilla will
only accept session cookies from that site (or by default)?

Note that this is a bit different than accepting all cookies and limiting their
lifetimes to the browser session.  I really think it'd be useful to simply
accept session cookies, and reject all others.  (I personally feel that session
cookies are quite palatable, but I only want long-lived cookies from specific
sites.  I'd like my browsing habits to reflect this to webmasters.)  Many sites
attempt to set a mix of session and long-lived cookies.

Here's the behavior I'd like to be able to configure:

 - Accept session cookies

 - If a site tries to set a non-session cookie, ask me if I want to accept it.

I think Duncan's proposed UI is really great, and the cookie icon in the status
bar is cool too.  I just really want to only accept session cookies and
(usually) reject all others.


A thought on the cookie icon:  (I'm thinking of something that looks like a
chocolate-chip cookie here.)  It should reflect three states: accepting a
cookie, rejecting a cookie, and modifying a cookie.  Accepting a cookie could be
a flash or pulse.  Rejecting a cookie could show a red circle-slash over the
icon, like a no-smoking sign (it'd be nice to somehow see a count of rejected
cookies too).  I'm not sure how to visually depict modifying a cookie.  Twirl it
around?  Invert its colors?  Morph it into an Oreo?
*** Bug 140137 has been marked as a duplicate of this bug. ***
People were asking for UI.  I suppose I subscribe to Keep It
Simple Stupid.  As of build 2002101612, the cookies
management really provides just about everything that people are
asking for, except for the following:

1) The ability to add sites manually to the cookie management
   dialog (it's possible to add "block" sites manually, using
   the menu, but AFAIK it's not possible to add "allow" sites
   at all except by turning on the "ask me" nag dialog or by
   hacking into Mozilla's preference files manually). This could
   be added via a new menu where "Block cookies from this site"
   is, and/or an "add" button on the management dialog (more
   complicated).
2) Right now, "limit all cookies to session cookies"
   basically ignores the whitelist (not sure about
   the blacklist). The whitelist already exists, so the UI and
   backend are there. My suggestion (no UI changes needed)
   is to alter it such that:
   a) All cookies assigned (in cookie manager) to "can set" are
      always accepted for their full duration, no matter what
   b) All cookies assigned to "cannot set" are always blocked
   c) Any other cookies are governed by the existing cookie
      dialog box in the preferences (e.g., they would be
      allowed, denied, or limited to session)
3) The ability to limit specific sites to session cookies
   (e.g. by using the cookie manager).  This one might not
   be really necessary if point (2) is implemented?
   Alternately perhaps this could be implemented by using
   the menu as well (e.g., "Block all cookies from this site,"
   "Allow all cookies from this site," "Limit all cookies from
   this site" or whatever).  Don't know if the backend for this
   would support it though.

This is a lot simplier than lots of new dialogs and UI and such...
I like M.Paugh's proposal.
Just wondering - the 'target milestone' says 'mozilla1.3alpha', but this is still unadded.  
Target Milestone: mozilla1.3alpha → ---
Whitelisting functionality should make 1.4.

M. Paugh's proposal is good for the short term, although long-term a more
functional and flexible UI for managing permissions would be desirable. Whether
"long-term" also means 1.4 is uncertain, though it would be nice.

Thanks for all your comments; we've taken them into consideration and should
have some nice new stuff for 1.4.
*** Bug 202089 has been marked as a duplicate of this bug. ***
One of the joys of using Mozilla is the emerging
pro-privacy, anti-spam, etc features.  Another is
the level of information available via Tools menu.
I particularly love the feature to expire all cookies
after a particular timeframe.  (Personally, I think
that it should be enabled by default: no cookie lives
more than 14 days, but I'm NOT a cookie expert)  Recently,
I cleaned out over 4000 cookies from a friend's computer!!
(Not a mozilla user quite yet, but soon!)

Just a couple of things I wanted to point out in relation
to 1.3...

The status bar would benefit with some extra indicators:
Javascript (with indication of error and/or blocking)
Cookies    (with indication of blocking)
Popups     (with indication of blocking)

The idea being if a page doesn't display/behave, there is some 
visible clue to the reason why. (Without a blaring dialog)
I think this fits reasonably with the padlock open/closed 
for secure sites.  In a way, a GUI version of the tools menu...

Another thing I wanted to point out is that there
is no information about Javascript or Cookies in
the context of the Page Info dialog.

Anyway, overall, thanks for Mozilla!
*** Bug 145690 has been marked as a duplicate of this bug. ***
The popup blocking indicator is there already.
Blocks: 145690
CC -> self
I don't know whether this is the right bug to add this comment: advice is
appreciated.

These comments all seem to be about when to accept and store cookies that a
remote site sends.  I think there should also be some control over when to send
cookies (especially cross-site cookies) that are ALREADY SET.

Real-life example: I login to www.paypal.com and it sets a permanent cookie
connected to my user ID.  I WANT this cookie because it saves me login typing
when I use Paypal by explicitly visiting it.  Call this cookie "Alice".

Now the bad part.  www.junkmerchant.com has a Paypal logo on their site that
says "Pay here with Paypal".  The logo gif comes from www.paypal.com, which
means that as soon as the merchant's page loads the gif, the browser sends Alice
to www.paypal.com.  Paypal now has personally identifying info that I visited
junkmerchant.com, and further, it shares this info with junkmerchant (the Paypal
privacy statement specifically says that this info can be shared).  The only way
to stop it is to not take persistent cookies from Paypal, which gets rid of the
convenience feature.

So it would be very useful to have a setting for: "do not send any cookies to
any site except the one in the navigation bar, even already-existing cookies". 
That's stricter than the currently available "don't accept new cookies unless
they're coming from the site being visited".  There may have to be a way to
override this case-by-case with the cookie manager, but those instances should
be pretty rare.
Clarification to #70: junkmerchant.com was a made-up example of a merchant site
with a Paypal logo.  The Paypal cookie description and note about Paypal's
privacy statement are real.

Also, in case it wasn't absolutely clear, I'm talking about controlling cookies
that the browser sends to the web site, not the other way around.
> "do not send any cookies to any site except the one in the navigation bar,
> even already-existing cookies".

That's called "Enable cookies for the originating web site only", available in
the cookies dialog, and does exactly what you want, I think. Not sending real
referrers to 3rd parties would help as well. In any case, that's offtopic here.
According to the help file, "Enable cookies for the originating web site only"
stops non-originating sites from STORING cookies.  If it also stops the
non-originating site from RECEIVING cookies that have already been stored, then
the help file's description is incomplete.  Anyone know for sure?  I may try an
experiment sometime to see what actually happens.
Ben's description is correct, but there are ways that sites can circumvent this,
and always will be.

Thanks for pointing out the help file is wrong - I'll see about updating that ;)
Blocks: majorbugs
If anyone cares, as a temporary stopgap til something is done for this CR, I
threw together a Python script that cleans out my cookie file
(.mozilla/default/whatever/cookies.txt) according to a whitelist and blacklist
flie.  I run it a few times a day (actually much more than that, because it's a
new toy) and enjoy seeing the junk it sweeps out.  It prints a list of how many
cookies it's deleted from each domain.  I use it under Linux (installed in same
directory as the cookies.txt and whitelist and blacklist files) and have no idea
whether it can be ported to Windows.  It's at:

http://www.nightsong.com/phr/python/tosscookies.py
Another FYI for users wanting this functionality, bug 184059 was just fixed
which should provide the backend for this, and allow this functionality now, if
you're up to manually editing cookperm.txt.
*** Bug 82858 has been marked as a duplicate of this bug. ***
*** Bug 192176 has been marked as a duplicate of this bug. ***
*** Bug 200873 has been marked as a duplicate of this bug. ***
*** Bug 67580 has been marked as a duplicate of this bug. ***
Jesse a lot of those bugs you duped here are valid, seperate ideas. There's no
design spec here that shows those will be implemented simultaneously, so the
bugs should remain open as the only documentation available.
Hmm...it would be good to merge these subjects into one and try to get the best
of all of them. Marking them as a dupe usualy implies "the person who posted
that bug didn't bother searching for this bug, so ignore that bug", whereas it
would be better to consider all of the comments in the bug marked as
dupe...perhapse that calls for an RFE to bugzilla itself to address it :)
I too wish that there was a cookie whitelist option.
There are only a few websites that actually use cookies
that I commonly visit.  I have all of them marked
as being allowed to store cookies.  It is annoying
to have to disable all cookies so I don't get prompted
for each cookie that I don't want.  I should be able
to select what cookies I want beforehand and then
put the whitelist option.  With it, only those cookies
would get stored, and the others would not be prompted for.
Similarly, it should affect the tools menu so that
block and unblock cookie would become whitelist
and ignore cookie or something to that effect.
[This comment concerns the workaround script previously posted, as I believe it
is of interest to users watching this bug. Also, I retract comment 76, as the
implemented white-listing doesn't (yet?) work with the session-only cookie
setting, which is of more practical use]

If anyone cares to hack a little Python (I only know Perl unfortunately), Paul
Rubin's script is /almost/ there. Issues that really need to be fixed to make it
usable:

This dies if /tmp and the profile aren't on the same file system. Very common.
    os.rename(tempname, cookie_filename)

Most users won't need blacklist functionality, so don't die if there is no file:
    File "./tosscookies.py", line 61, in read_ruledict
        for line in open(filename):
    IOError: [Errno 2] No such file or directory: 'blacklist'

I think those changes, and a little cleanup would make it generally usable for a
great number of interested people. Additionally, it would be nice if it could
automatically find your profiles, and provide a way to match domain cookies
without having to use both the white and black lists. (For random partner sites
under a domain which sets cookies you do want, but happen to be domain-wide)

P.S. If anyone would like to send me the latest edition of Programming Python,
I'll make those changes for you myself. Take up a collection or something. ;)
I see no mention in this bug about the fact that cookie whitelisting and
blacklisting has been implemented quite recently in Mozilla Firebird. I'm
wondering whether it would be feasible to backport that implementation into Mozilla.
Where did you see cookie whitelisting enabled Per? I did not see anything
mentioned ahywhere about this...
In Mozilla Firebird, it's called Cookie Exceptions. I can't find any direct
announcement or a Bugzilla bug for it, but it's in release 0.7 if you want to
try it out (the user interface is in the Cookies section of the Privacy Options
panel).
See bug 217086 comment 1.  There's mention there, that Blake introduced cookie
whitelisting no later than August 23rd.  (But I can't find any actual bug for
this either.)
Hmm...this doesn't quite fit what I had in mind with the bug I reported earlier.

What I was thinking involved having a toolbar control toggle, similar to the
blue popup icon, that would whitelist the site for cookies when you click on it.
All other cookies would be session only. (of course, this entire system is
opt-in only (at first anyways) via a checkbox in the cookie section of the
privacy tab)
dwitte implemented this via another bug in the cookies backend, so if you make
the edits by hand in Seamonkey in cookperm.txt it'll work.  Blake implemented
the exceptions UI into Firebird, there are plans to implement similar changes
into Seamonkey, along with statusbar notifications/whitelisting, which was
waiting on further rewrites of the backend code now done, so its a matter of UI
work now (I wonder who the slacker responsible for that is...)
I strongly agree with comment 53 from Duncan Kimpton, with Marc Branchaud's
update in comment 59 - I'd strongly invite powerfull interface to disallow some
behaviour (cookies, popups, images, sounds) of lame www pages.

for images/popups/sounds a simpls whitelist/blacklist is enough (just to
implement it)

for cookies, It's a little bit harder because of session cookies, but that could
be probably resolved by:
- possibility to differ between session and permanent cookies (if user wishes so)
- force "permanent" cookies to be forgot after session ends.

for comment 61 - could there be two (simple and advanced) interfaces?

However, one feature what I REALLY MISS is to have whitelist of cookies.
To have denied cookies by default and only allow them from menu.

Another idea is that behaviour "accept" and behaviour "reject" should ONLY be
the defaults, with possibility later choose, which rejected cookies on current
page to allow and which to deny. That would imho make the thing much easier - 
one of options "flag" and "ask before storing a cookie" would become redundant.

How do coolkies differ?
- First party / third party
- Permanent / session
- 4(?) privacy settings

What can we do with them?
- allow (with blacklist)
- deny (with whitelist)
- limit them ("permanent" cookies only)

I'd see it this way:

First party cookies: 

   permanent cookies                         session cookies: [X] the same
(*)Allow    [ ]  Ask for storing             ( ) Allow   [ ] ask for storing
( )Deny   [     ] Limit life for this long   ( ) Deny

Third party cookies:          [X] the same first party cookies

   permanent cookies                         session cookies: [ ] the same
( )Allow    [ ]  Ask for storing             ( ) Allow   [ ] ask for storing
( )Deny   [     ] Limit life for this long   ( ) Deny


- if "ask for storing" is checked, Allow/Deny and limit are the defaults
which can be overridden in dialog. Otherwise (or if user presses escape on
cookie dialog, the default action is taken.
- when Limit is "0", it means current session, empty limit means no limit.

I am not sure if privacy settings are important. However, site's privaty policy
should appear in dialog, or there would be more settings like in font selection
Whitelisting of cookie and images is in the current builds. (the entries in the
sites tab of the cookie manager now overrides the prefs, and you can add sites
to the list)
Bug 216743 tracks the tweaks to the UI.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Last time I checked, there was no way to do what this summary says, which is my
ideal cookie configuration.

Have a whitelist of friendly sites, that I want to track me, for my own benefit
(bugzilla, slashdot, yahoo, etc). This works as of recently. Have a blacklist,
as always, for sites I do not want to accept cookies from at all. This has
always worked. And, here's the important part, accept all other cookies as
session cookies, so there is not a MAJOR loss of functionality.

Last I checked, this was not possible. A default policy of accept creates too
many unwelcome permanent cookies. A blacklist can not keep up. And a default
policy of deny, with whitelisting, breaks too many innocent sites, that mearly
need session cookies.

Have any additonal changes been made that this is now "FIXED"?
then i suggest you check again. it's possible to do that now.
> accept all other cookies as session cookies

Edit -> Preferences -> Privacy & Security -> Limit maximum lifetime of cookie to 
(x) current session.

It's been in the suite for many months now.  This will cover all circumstances
that aren't covered by existing blacklists and whitelists.

The only thing that's currently missing is the UI for what's already in the
backend w/r/t whitelists/blacklists.  This bug *could* be closed as resolved - 
except that the current situation (hacking the backend cookperm.txt file)
doesn't satisfy the intitial reporter's "very simple cookie management" criterion.
Attachment #136640 - Attachment is patch: false
Attachment #136640 - Attachment mime type: text/plain → image/png
Attachment #136641 - Attachment is patch: false
Attachment #136641 - Attachment mime type: text/plain → image/png
Verified fixed Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b)
Gecko/20031201

see bug 222553 for the UI fix to this, misc bugs for the rest

screenshots provided for those who obviously aren't using nightlies to base
their opinions on
Status: RESOLVED → VERIFIED
*** Bug 230202 has been marked as a duplicate of this bug. ***
No longer blocks: 164421
Blocks: 158464
No longer blocks: majorbugs
*** Bug 301467 has been marked as a duplicate of this bug. ***
Any chance of getting this for Firefox 2?  Did it fall through the cracks?  We're up to rv:1.8.1.3 now, and there's no sign of it.
Erm... Firefox 2 has this capability?
(In reply to comment #102)
> Erm... Firefox 2 has this capability?
> 
I'm afraid not.  I'm looking at the Tools menu right now and comparing with the screen shots.  The Tools menu has the following entries:  Web Search, Downloads, Add-ons, Error Console, Page Info, Clear Private Data, and Options.

I've also looked through the options menus and the Help menu.  No sign of the Cookie Manager.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 .  New, default profile.
Try the settings/options/preferences menu (I'm not sure what it's called in the EN Version..I'm using a localized version) and then the Privacy tab. 

There's the cookie manager. You can uncheck "Accept cookies" and then add sites under "exceptions". This will cause Firefox to accept cookies only from the specified websites.
OK, now I see it.  There are two UI problems:
1. The "cookie manager menu option" attachment is NOT implemented.

2. The word "Exceptions" does not lead users to a white list.  The word seems to imply a black list.  You'd be surprised how many veteran users do not discover this, and how many cookie extensions there are to do this.

I'll consider a separate bug, but let's see if we can educate users first.  Thanks.
1. This was a Mozilla bug from the time before Firefox existed, and it still exists in Mozilla's successor SeaMonkey. In Firefox, the cookie manager menu item was deliberately removed, together with all other manager menu items. A bug asking for it to be restored would just be WONTFIXed.
2. Please cut the chatter in this long-dead bug. If you need further information, take it to one of the support newsgroups, mozillazine forums, or IRC.
I'd like to have a whitelist for sites, which are allowed to save login or form data. Some login usernames or passwords are not customizeable and it would be nice to have the possibility to save these and only these.
You need to log in before you can comment on or make changes to this bug.