[GLLUG] Firefox Cookie Control
Charles Ulrich
charles at bityard.net
Sun May 31 17:10:03 EDT 2015
There are quite possibly a number of things going on here, but I don't
think any website has the ability to tell a browser to override the
user's cookie preferences.
The first is the distinction between session cookies and regular
cookies. Cookies which have an expiration date attached to them are
regular cookies. Cookies which do not are session cookies. Session
cookies are supposed to be cleared from the browser when it is closed,
but this doesn't always happen. (I don't see a ways to control how long
normal cookies live before they expire, beyond nagging you every single
time a site wants to set one.)
For instance, I have my Firefox set up to treat all cookies as session
cookies except the ones from sites I manually add to a whitelist. But
when I close and reopen Firefox, I still have a bunch of cookies in my,
er, cookie jar. This is because I have "Show my windows and tabs from
last time" selected in the General Preferences. I make heavy use of tabs
and tab groups in Firefox, so it keeps the session cookies around for
those sites which I keep opened in tabs in the background. For those
sites, it effectively means my "session" never ends, even when I close
Firefox and shut down my computer.
Another (more likely) possibility is that Google and Yahoo are set up as
search engines in your Firefox and when Firefox starts, it makes a query
to those sites to get their favicon or whatever, and you get cookies as
a side-effect of that request. You can probably remove these from your
search engines if you don't want the cookies. (Don't ask me how in FF
31, they keep changing the UI for this...)
There are gazillions of cookie management addons for FF, one that I used
for a while is called "Self-Destructing Cookies" which removed cookies
from the cookie jar after a set time. I seem to remember it didn't work
very well.
It looks to me like you can add specific domains to the cookie
exceptions list and set their status to "block".
Just some random thoughts.
Thanks,
Charles
On 05/31/2015 10:07 AM, Chick Tower wrote:
> I just discovered something slightly disturbing. I usually use Firefox
> at on desktop PCs, and Slackware is only up to version 31.7.0esr. I
> like to keep a tight rein on what cookies are set, with very few that
> aren't erased at the end of the session, if not blocked from the start.
> However, I've noticed that sometimes after closing Firefox to erase
> those session cookies they are still there in a new session. When I
> check the cookie exceptions that are set, some say "Allow first party
> only". I've never selected that, it's not even an option offered, and
> I've deleted or changed those exceptions, but they keep coming back. It
> appears Yahoo! and Google know how to change the exceptions I put in
> Firefox! There may be other websites that do this, but I haven't
> noticed any of the others I visit doing it. At least they change them
> to "Allow first party only" and don't enable third-party cookies, but it
> still galls me that they're controlling my browser settings.
>
> It bothers me that I can't block or make temporary cookies from
> accounts.google.com or ads.yahoo.com. Other domains from Google and
> Yahoo! also do this, but they aren't as simple to remember and type as
> these two are. I know I can delete them manually, which isn't
> difficult, but it's still annoying. I don't want to block or erase all
> cookies, because some are useful (like the TV schedule), and some sites
> won't allow you to go forward without setting cookies. It may be that
> Google and Yahoo! can ignore those settings, too. I haven't tried any
> of the cookie-managing add-ons. I do use Privoxy, so I could probably
> create some new rules or entries to stop this, and I suspect that would
> work since it's not part of any browser. I'm not interested at this
> time in using another browser, and other common browsers might be
> similarly vulnerable, anyway.
>
> Does anyone know of a setting or an add-on or a hack in about:config
> that will stop this behavior? Has anyone else noticed it? I searched
> on DuckDuckGo for "Allow first party only" and didn't find anything useful.
More information about the linux-user
mailing list