Why are cookies being accessed at startup?
In my Cookies and Site Data, under "last used" it says there's a whole bunch of cookies being accessed every time I launch Firefox. Even if I launch Firefox with no open tabs, cookies are still being accessed when I launch.
I find this deeply disturbing! Cookies surely should not be able to activate until you start visiting websites?
Can anyone please explain how and why are these cookies being accessed?
Valitud lahendus
Firefox stores cookies from open tabs in sessionstore.jsonlz4 as part of session data, not sure if closed tab are part of this as well. You can modify this pref on the about:config page to disable storing cookie data.
- browser.sessionstore.privacy_level = 2
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
Loe vastust kontekstis 👍 1All Replies (12)
You must have link prefetching enabled (it is enabled by defaut). This is a standard browser mechanism, which tries to guess which sites you're going to open next and automatically connects to those sites beforehand (to speed up site load times). Prefetching will cause the cookies of the prefetched sites to be accessed. Please feel free to read more about prefetching at Link prefetching FAQ by Mozilla.
To disable link prefetching, type about:config in Firefox address bar, search for the preference named network.prefetch-next and toggle it's value from True to False.
As you seem to be a privacy-conscious user, I'd suggest you to take a look at How to stop Firefox from making automatic connections.
Muudetud
Elysium, thank you very much for your answer. I am indeed extremely privacy-conscious.
However, the setting you mentioned (network.prefetch-next) was not enabled. It's always been set to false. So I don't understand why cookies are being accessed at startup?
Ok, so I did a little test.
With link prefetching disabled, Firefox only connects to addons.mozilla.org on startup (image). This is on a newly created profile with no add-on installed and sync disabled.
So, perhaps one of your installed add-on is responsible for this? Also, when you start Firefox, how many entries do you see being accessed? Do you see any unfamiliar website's cookies are being accessed?
Muudetud
Thank you Elysium.
I've done a LOT of testing and have determined that the problem has nothing to do with add-ons. It seems to be related to Firefox's "Restore previous session" setting.
Try doing this…
1. Create 2 brand new profiles and open them simultaneously
2. In one of them, enable "Restore previous session"
3. In both profiles, go to www.youtube.com and click on any video.
4. Close both browsers for a few minutes
5. Go into the Cookie settings and one will show that the www.youtube.com cookie was accessed at startup
Muudetud
Here's another odd thing which makes no sense...
1. I opened a profile that was having this problem
2. I looked at the cookie manager and it said that several cookies were "last used" several seconds ago (at startup)
3. I disabled "Restore previous session"
4. I closed and re-opened the profile
5. The cookies manager now reports that those same cookies were "last used" several days ago!
Muudetud
Can anyone confirm that this is a bug? Does the above procedure give the same result for other people?
Hello MartyJames, sorry for not getting back to you earlier.
I did what you described and I can confirm that Firefox does access cookies of last opened site(s) on startup if "Restore previous session" is enabled.
However, I can't reproduce the second issue you mentioned. Do you use any external cookie manager add-on? if yes and you can reliably reproduce this problem, then I think you should open a bug report in that add-on's support forum.
Thanks for the reply, Elysium.
The test profiles I set up had no add-ons whatsoever, and I don't use any kind of external add-on software.
Obviously, I was not leaving any sites open when I closed and re-started the browser. It opens with only a single blank tab, and yet cookies are being accessed.
I find this worrying as it has privacy implications and I take privacy extremely seriously.
Apparently it's a known behavior. Session Restore accesses few of your last visited site's stored cookies to ensure that the webpages are restored properly. Also Session Restore will restore connections to services which use session cookies to maintain login state (e.g. Gmail). It could be a serious privacy issue if you happen to share your computer (and your user account) with someone else.
You should disable restore previous session on startup if this is a concern to you. You can also consider disabling session restore from crash. Please take a look at this article for more information.
Elysium, thank you so much for your very helpful answer! :)
I find cookies a confusing (and very concerning) subject.
I don't mean to be a nuisance, but would it be possible for me to please ask for a little info about how and why Firefox restores cookies to "maintain a login state"? What does that mean exactly? Most of the cookies being accessed at startup are for sites I don't even have accounts with, like, say, a torrent search engine I've used on rare occasions.
I have another question too... There's one particular website I visit that I don't want them to know my location, so I use a simple VPN add-on every time I visit them to hide my IP. But presumably that site knows my real IP, since telemetry is being sent to them from my computer BEFORE I've enabled my VPN?
Valitud lahendus
Firefox stores cookies from open tabs in sessionstore.jsonlz4 as part of session data, not sure if closed tab are part of this as well. You can modify this pref on the about:config page to disable storing cookie data.
- browser.sessionstore.privacy_level = 2
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
Wow, cor-el, that actually seems to have worked. And such a simple solution, too!
Thank you so much.
Now that I've set this to '2' could you tell me what features I might find no longer working?