Cookies for websites setup for ALLOW (replacement for post that "disappeared")
As captured in the long thread "What's the difference between ALLOW and ALLOW for a SESSION?”, with a lot of handholding from jscher2000, I managed to set custom choices for privacy and security the way I wanted on my mac computer (blocking all cookies in all windows, with exceptions saved for ALLOW, ALLOW for SESSION and some for BLOCK). To accomplish this, required enabling deletion of cookies when Firefox closes.
My assumption based on information I got in the above mentioned thread, was that even when deletion of cookies is checked for when Firefox is closed, cookies for websites identified as exceptions with ALLOWED, are not deleted.
However, this is not what happens. A specific example is tripcheck.com, which stores custom itineraries for cameras in cookies. I setup quite a few of these custom itineraries and saved them and they were OK until I closed Firefox, when they were deleted, as the cookie was deleted. This website is setup as ALLOW in the Exceptions list.
As explained in the above mentioned thread:
"(2) Scenario Two
[X] Delete cookies and site data when Firefox is closed (checked)
Firefox shortens cookie expiration to session only unless the site has an ALLOW permission in the exceptions list. “.
I am more confused than ever, the settings do not appear to be working the way they are meant to work, not only for session cookies but also for what should be "permanent".
Am I doing something incorrectly or am I misunderstanding how setting should work?
If cookies of websites setup for ALLOW are deleted when Firefox is closed, the setting is defeating what I am trying to accomplish: saving cookies for websites that I use and save data in cookies (such as recognizing the computer, what’s needed for 2 step authentication, etc.).
Thanks.
Keazen oplossing
There were some scammers replying to all the posts with 800 numbers and fake support links, so all links now need to be moderated.
If you compare the Page Info dialog while you're on the tripcheck site, does it reflect the ALLOW permission? Either:
- Ctrl+i (for Mac, Command+i)
- right-click a blank area of the page > View Page Info
- (menu bar) Tools > Page Info
When the dialog comes up, click the Permission icon at the top to show that panel.
Scroll down to "Set Cookies" and see what is shown there. If needed, uncheck the "Use default" box, and then select Allow to let the site set persistent cookies.
Dit antwurd yn kontekst lêze 👍 1Alle antwurden (20)
Two thoughts:
(1) The ALLOW permission lets the site decide when its cookies expire. But the site might be setting session cookies for its own reasons.
While on the site, try using the Storage Inspector (Shift+F9) to check the cookie details. If the Expires column is not displayed, right-click (one button: Ctrl+click) another column heading and add it from the list that opens.
More info: https://developer.mozilla.org/docs/Tools/Storage_Inspector
(2) If zero cookies are surviving a Firefox restart, please double-check that Cookies are not being cleared through the "Clear history when Firefox closes" feature under History => Firefox will: Use custom settings for history.
Thanks for your quick reply, jscher2000.
1. While Shift+F9 didn't do anything, by reading the document the link took me to, I saw that I can use Web developer to get to Storage Inspector. Under cookies I see https://www.tripcheck.com However, there are no columns of any kind and the text displayed states: "No data present for selected host".
I have serious doubts that the website is setting session cookies because until I closed the browser the custom cameras were there. I do not know if it is relevant, but when I was using Safari, the cookie for Tripcheck never went away, unless I deleted it on purpose.
2. I double checked History and "Clear history when Firefox closes" is NOT checked.
I would be surprised if with the same settings that I have it would work differently for anybody else...
At this time I am really not sure how to best/most effectively take advantage of Firefox's security capabilities. They seem to be very nice and powerful and I really like the capability to actually see what each website does, all the cookies they store, all the tracking they do, all the sharing they do with 3rd parties.
However, I get the impression that the fight against companies monitoring, capturing at will anything I do anywhere on the internet is a futile effort. First because Firefox might not work as advertised; second because it is so hard to understand how it is really supposed to work; third, because as I learned from an article I posted with a question (that nobody addressed), I understand that if I store any cookies (to make life a bit more "comfortable") and I do not keep cleaning all of them, I have a potential major exposure to those who do cookie hijacking in a variety of forms.
I'd appreciate a "second opinion" regarding the above from someone who knows how this browser works.
The above might be just a philosophical topic. Maybe until companies will be regulated like in Europe to preserve customer's privacy (vs. taking advantage of this wild west and making a fortune based on data they collect from us), the rest is waste of time.
I did post a reply, no links included. It doesn't show up. I hope that this is not a second "disappearance"....
I also no longer see the 2 prior replies from Shashank Shekhar.....
I have them in email, so I know that I am not daydreaming. It appears that something really strange is happening on this forum.
The hidden post contains the same "linkified" domain as your original question in this thread. A moderator will need to make it visible.
The two other posts are in https://support.mozilla.org/questions/1322785
Thanks. I thought that I am going crazy... There should be a better solution to this.
Before I posted the reply to you, I checked to make sure that there is no warning about anything, no moderator related message, and there was none.
Why are some posts hidden and require a moderator, even is they do not include a link? Why is that user is not notified that the posted message will appear later when a moderator has the time to make it visible? Is there any reason for 2 threads appearing when in fact there is only one? What is a "linkified" domain and why is something like this used? Are there any rational reasons for these "features"?
Sorry, this is very confusing and frustrating, obviously nothing to do with you, but with those who designed and implemented these "features". Maybe a moderator can pass this feedback to those who are responsible for the product, if they care for end user feedback.
Your hidden reply contains a link to the same site you mentioned in the original question.
There is some kind of notification, but last time I saw it it was very subtle and did not pop with red text or a bright background, so it's easy to miss.
By the way, I use this tool to follow my threads on the forum and it lets me preview hidden replies. You could take a look if you like:
Thanks. I will try the link you sent to see if it shows my hidden questions. So if I just mention a website, suddenly my message becomes hidden..... If this was the case, it is not consistent, because in the re-typed post (the first one above) I had a reference to a website ( "A specific example is tripcheck.xxx which stores") and it was posted without any problems. I give up on understanding how this works and why, whatever the reasons might be, was implemented the way it is.
I will wait until my posts come out of hiding.... Thanks again.
The reply I posted, really "innocent", went to the moderator. Someone should look into what is happening.
Thanks, regardless.
Keazen oplossing
There were some scammers replying to all the posts with 800 numbers and fake support links, so all links now need to be moderated.
If you compare the Page Info dialog while you're on the tripcheck site, does it reflect the ALLOW permission? Either:
- Ctrl+i (for Mac, Command+i)
- right-click a blank area of the page > View Page Info
- (menu bar) Tools > Page Info
When the dialog comes up, click the Permission icon at the top to show that panel.
Scroll down to "Set Cookies" and see what is shown there. If needed, uncheck the "Use default" box, and then select Allow to let the site set persistent cookies.
I followed your instructions. "Set Cookies" showed "Allow for Session" (despite the fact that the website was set for "Allow"). The "Use default box" was unchecked. I selected "Allow". On the website I saved some cameras and closed the browser. When I returned the saved cameras were there !!!!
THANKS A LOT! This is amazing, but which end user would know all of this... I am so impressed.
Is there any explanation to what happened, why if the website is set to ALLOW, it thought that it was set to Allow for session? Was this a fluke or is it a known bug?
I have quite a few other websites set to ALLOW. I checked 2 of them. One showed ALLOWED, the other also showed Allow for session..... Do I have to go to each of them to be sure that their permissions are set as I thought they were?
Hi Sue, there might be some difference in the way the origin is understood by Firefox. For example, Page Info generally uses the full domain (www.mozilla.org) but cookies sometimes are set on the base domain (mozilla.org). I think unfortunately, you have to test and experiment when making cookie exceptions.
Thanks. This is not only awfully complex but also incredibly "painful" for anyone who wants to protect themselves. What I am trying to do seems to require an overwhelming amount of work.
What do you find as the most practical and reliable approach (for setting permissions), that provides maximum privacy with less work with Firefox?
Thanks again and have a nice weekend.
I use this:
(1) Tracking Protection
Default cookie setting, either
- Standard
- Custom with only "Cross-site and social media trackers" blocked
(2) Cookies and Site Data
[x] Delete cookies and site data when Firefox is closed
Allow exceptions are set for 36 sites (some of those are obsolete now that I look at them).
This means that during my session, however long it is until I exit/restart Firefox, cookies can accumulate and possibly facilitate tracking. I do not worry much about this because it's pretty ordinary browsing.
(3) History
I do not clear history when Firefox closes.
(4) Extensions
I use NoScript, which supports a highly paranoid "trust no one" approach to website scripts. It automatically blocks everything and this means it sometimes takes two or three visits to its dialog and reloads to get the site to render normally. This is not how most people want to browse.
Thanks again for taking the time on a weekend to share this info. I will most likely make changes on my end following what seems to work for you. Otherwise, too much time and energy (my own and yours) is required to fight "the system".
It seems that NoScript is available only for Windows (doesn't show up in the Apple store and the developer's website doesn't mention Mac OS). Also a search for protection against XSS on Mac computers didn't produce any results. Maybe Apple can be trusted more with protection against damaging scripts.....
Hi Sue, NoScript is a Firefox extension. I don't recommend using it just yet. Much easier to have Firefox do a bit more Tracking Protection (i.e., Strict) as a starting point.
Thanks, I guess I am not ready for it - yet :):):).
Hi jscher2000:
One more follow-up question. With your security/privacy settings, did you ever loose them when updating Firefox to a new version or did you have to restore them from a backup? If so, were you able to restore everything without any issues? Thanks.
Hi Sue, I don't recall ever losing these settings. In Fall 2017, I created a fresh profile for Firefox 57, so I've only had this one for a little over 3 years at this point.
Actually, my SSD died in March so I did have to restore my entire profile from a backup to the new SSD. But that is pretty rare, I think. I hope.