Website storing cookies despite listed as blocked in exceptions Firefox59.02
I am using Firefox Quantum 59.02 on OSX 10.13.4 I have enabled session cookies, except 3rd party. w When I l set eg. bbc.co.uk in the exceptions list as blocked, it shows as storing cookies when I view cookies.
In Cookies it is listed as bbc.co.uk, in Exceptions ..blocked, it shows as http//www.bbc.co.uk
Chosen solution
In Exceptions, Firefox is particular about the protocol. You usually need to create both the secure and insecure versions:
A possibly more convenient way if you are dealing with first-party cookies is to use the Permissions panel of the Page Info dialog.
You can call that up using any of these:
- right-click a blank area of the page and choose View Page Info > Permissions
- (menu bar) Tools menu > Page Info > Permissions
- click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions
Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer. That change should show up in the Exceptions dialog.
Read this answer in context 👍 0All Replies (16)
Chosen Solution
In Exceptions, Firefox is particular about the protocol. You usually need to create both the secure and insecure versions:
A possibly more convenient way if you are dealing with first-party cookies is to use the Permissions panel of the Page Info dialog.
You can call that up using any of these:
- right-click a blank area of the page and choose View Page Info > Permissions
- (menu bar) Tools menu > Page Info > Permissions
- click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions
Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer. That change should show up in the Exceptions dialog.
Note that you may have to leave out the www prefix. I assume that the missing colon in http:// is a typo.
Hi jscher2000, I just wanted to say thank you very much for your help.
Until recently I had my security settings in "Cookies and Site Data" set at "Block Cookies and Site Data". This blocked all cookies from all sites but those I had listed on the "Exceptions" page. But something changed suddenly. Now if I set my cookie security at "Block Cookies and Site Data" the sites I have listed on the exception page will be erased as soon as I shut down Firefox. The only way I can get those "exception" sites to remain listed is if I set my security at "Accept Cookies and Site Data from Websites", but that defeats the purpose as now all sites are free to create cookies. So does anybody know what's changed? I really loved to be able to block all cookies but those from the sites I chose to allow. Thanks. (I'm using Firefox 60.0.2)
Hi canadajohn, Firefox should not delete your Exceptions list at shutdown unless you used a different setting:
In the History section (Options > Privacy & Security > History):
"Clear history when Firefox closes" and when you click the "Settings" button to the right of it, you have "Site preferences" selected for clearance
Hi.
Thanks fror the reply but I'm afraid I'm not quite sure what you are suggesting. I'm attaching a picture of my present settings on the main "Privacy and Security" page along with an image of the settings I have selected in the "Settings" menu found in the "History" section of that page. As you will see the only box I've left unchecked is "Site Preferences".
You'll see I also have the "Cookies and Site Data" section set at "Accept cookies and site data from websites". If I change that to my prefered "Block cookies and site data" the sites I've listed as "Exceptions" will not open and often will give me a message that I have to allow cookies.
Maybe I'm confused but I thought that the "Exception" list was meant to be a list of sites you are allowing to create cookies while all others will be blocked from doing so. That's certainly been the way it's been working for me until very recently.
Thanks again.
Hi canadajohn, there are multiple kinds of "permissions" you can set for cookies:
- Allow
- Allow for Session (does not survive a shutdown)
- Block
Do all of the listed sites have the "Allow" permission? And the relevant protocol (http:// for HTTP sites and https:// for HTTPS sites)?
Note: the attached was a brief test in a new profile. I didn't test any sites that demand you accept cookies, which probably would have been a good idea.
Also, you should not have "Cookies" checked in the clear history settings if you want them to carry over to your next session.
Hi.
Here's an image of my exceptions page. It used to be full but since I lost them all I've only added these two.
Hi canadajohn, for Facebook, it should be
(using HTTPS instead of HTTP)
Do you have any other software that cleans up browser data? (For example, CCleaner or Advanced SystemCare.) If so, set it not to touch your Firefox data.
Hi.
Adding that "S" worked for Facebook but not for the other site, which is my bank login. But I recall now that I've has problems accessing that bank login with Firefox before and more than once have had to use Safari.
I realized this Mozilla site needs access to cookies too, so when I added it to the "Exceptions" list it's also worked when "Block cookies and site data" is selected.
So seems the problem was that missing "S" (and that the problem with my bank site is another matter). I'll have to check for that "S" when I add more sites to the exception list as the Facebook site appeared as only http by itself when I typed "Faceboook.com" in the space at the top of the "Exceptions" page.
Also, in the "History" section I've reverted to "Always use private browsing mode", which is where it was before and that has created no problems.
Thanks, looks like you've solved my problem! I guess though that why my long list of exceptions disappeared one day will have to remain a mystery.
John
Modified
Sites exist which set cookies using multiple names. For example the site www.foo.com may also set cookies as a.foo.com or foo.com/xx and such. With Chrome one can set the exceptions as:
[*.]foo.com
and it will reject anything remotely like foo.com Is there some similar protocol in Firefox? I haven't been able to stumble into one.
Basically I'd like to set the exception for anything with "foo" in the cookie name. Thanks.
Modified
Hi wjm263, try this:
- https://example.com => Allow or Allow for Session
- http://example.com => Allow or Allow for Session (if desired)
Does creating an Allow or Allow for Session exception for the base domain permit the subdomains like www.example.com as well?
Entering http://foo.com for "Allow for Session" still allows http://a.foo.com, or a million other variants to save permanent cookies.
wjm263 said
Entering http://foo.com for "Allow for Session" still allows http://a.foo.com, or a million other variants to save permanent cookies.
I'm sorry, for some reason I thought you wanted to ALLOW cookies from foo.com and its subdomains. If you want to BLOCK them then enter a block exception instead. Then please use the Manage Data button to remove the current cookies before re-testing.
I'm trying to "Allow for Session" as my note said. Not block.
Anyhow, it's become moot. I came back to Firefox a couple months ago after Chrome made an "improvement" which made it unusable for me. So due to this problem I've checked back and they fixed the problem again in the most recent release. So rather than continuing to fight with Firefox, I'm back to Chrome now.
Thanks for trying. IMHO Firefox desperately needs the ability to stick wild cards into the site names for Cookies. Otherwise the various places have learned to work around the restrictions I enter.