bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

Third party cookies handling




5 years ago
5 years ago


(Reporter: hoffi, Unassigned)


18 Branch
Windows 7

Firefox Tracking Flags

(Not tracked)




5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20130116073211

Steps to reproduce:

I tried to find a suitable setting for third-party-cookies:
I want to have my privacy respected, by not letting someone track me all over the net by using cookies. But I also want cookies to be working for iframe-shops or similar.
And then I wanted to submit my solution for this.

Actual results:

The form to describe the solution only allowed 250 characters, which is too little for me.

Expected results:

Give me the possibility to describe the idea.
In lack of a better place, I do this here. Please feel free to close this bug, if you feel that this is inappropriate. But please forward the idea if you like it.

I described the issue above:
My privacy in terms of cookies should be respected. I don't want any website to track me all over the internet. But I DO want that iframes (and iframe-shops) are working (e.g. if they need a session-cookie)
a.com has an iframe pointing to inframe.com and b.com also has an iframe pointing to inframe.com.
Now I can either decide that inframe.com can work with the cookie inside the iframe or not. With the first setting, inframe.com will work, but will also know that I visited both: a.com and b.com.
With the latter setting, inframe.com will not even work.

That's not the best solution for me. What I want, is that inframe.com inside of a.com gets a cookie and inframe.com inside of b.com gets another one. This way, both pages will be working perfectly fine and inframe.com does not even know that I am using both pages at the same time.
Long story short:
Currently, the access-key for the cookie is the server's host. Please change that so that the full host-chain of iframes is used as a key.
IMO this is the perfect way to protect the privacy and have all the iframes working perfectly fine.

Comment 1

5 years ago
3rd party cookie handling improvements like this are bug 818340 (see also bug 818337)
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 818340

Comment 2

5 years ago
818340 is not what I meant here.
In 818340, the third-party cookie can only be set when the outer page already has a cookie. If there are two distinct outer hosts setting a cookie themselves, the third-party page can use the same (own) cookie on both usages.
Here I am requesting that the third-party cookie can be set whether the outer page does set a cookie or not. BUT the third-party can use the cookie only as long as the page is integrated by the same outer host!
Thus this is a different behaviour than the one implemented in 818340 (IMO a better one :-)).
You need to log in before you can comment on or make changes to this bug.