Cookies Exceptions list doesn't work as it is expected to work

  • 11 replies
  • 1 has this problem
  • 2 views
  • Last reply by aspis

I strongly believe that Cookies Exceptions should work as it is expected to work, i.e. One should allow or not allow cookies from certain sites. When one allows cookies for a certain site, this site should be able to store a cookie anyway, even if one has cookies "closed" (not allowed). Otherwise, what's the use of the "exception" if you open cookies for everyone? They will all store their cookies whether they are in the "Exceptions" list or not.

Now, allowing cookies **for a single session only** can solve part of the problem, since during a session there may be hundreds of cookies stored and you don't want that!!

If FF really wants to keep using the Exceptions list in the way it does, there should then be an additional list that will do exactly what I explained it ought to do. Which, of course, is inefficient, i.e. having two lists for a similar purpose. So, better use the Exceptions list for what it is logically expected to do.

All Replies (11)

Can you give a step-by-step example of what isn't working? For example:

(A) Create this exception:

https://example.com => Allow

(B) Disable accepting cookies

(C) Visit https://example.com (site that sets a cookie)

(D) Check for the site's cookies and they're not there (?)


Also, please note that Firefox 60 ESR is only receiving critical patches and any fix will likely be in Firefox 67 or Firefox 68 ESR.

Here's how to reproduce the problem:

1. Enter http://www.pinterest.com in the Exception list.
2. Keep the cookies "closed" (not allowed, blocked).
3. Visit http://www.pinterest.com

You will get a blank page because this site wants cookies "open" (allowed). If then you allow cookies, the site would work fine.

The same thing happens with quite a few sites. One of the best known among them is https://support.microsoft.com/en-us, but they at least issue a message: "Cookies are disabled - Please enable cookies and refresh the page".

And the problem or strange thing that happens is the following: If one allows cookies for a website, then why is this website not able to store a cookie, and why does it ask to allow cookies? And vice versa, if you allow cookies, then what is the meaning and use of asking to allow cookies to a specific site (e.g. pinterest.com) by including it in the "Exceptions" list? In short, the "Exceptions" list is apparently useless. Simple as that. Elementary logic.

Now, this problem has nothing to do with FF versions. It's a very old one, before FF Quantum. A problem for me, at least, and in fact, a very annoying one. But most probably FF -- for some strange reason -- does not see a problem there. Otherwise it would have fixed it.

Hi aspis, there are at least two complicating factors:

(1) The insecure address http://www.pinterest.com/ redirects to the secure address https://www.pinterest.com/

Firefox's cookie exceptions are protocol specific, so you would need an exception for

https://www.pinterest.com

(2) Pinterest sets cookies on both the base domain and the www domain

You can see this in the "Storage Inspector" when you are viewing Pinterest with cookies allowed (Shift+F9, see attached screenshot).

So depending on the importance of those cookies, you may also need an exception for:

https://pinterest.com

But problem: if those cookies are blocked, then they wouldn't show up in the Storage Inspector. In that case, I don't know how you could discover what exception you need to add. Maybe an add-on could be useful for that??
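One way to work out which exceptions a site needs when blocked cookies never reach the Storage Inspector, as an added example that is not part of the original reply: read the `Set-Cookie` response headers of each hop in the redirect chain and derive the scheme and host each cookie is scoped to. The chain below is constructed sample data mirroring the two points above, the function names are hypothetical, and this is a simplified model rather than Firefox's own matching code.

```javascript
// Constructed sample (not captured traffic): an http -> https redirect, then
// one host-only cookie on www and one cookie scoped to the base domain.
const sampleChain = [
  { url: "http://www.pinterest.com/", status: 301, setCookie: [] },
  { url: "https://www.pinterest.com/", status: 200, setCookie: [
      "csrftoken=constructed1; Path=/; Secure",
      "sess=constructed2; Domain=.pinterest.com; Path=/; Secure; HttpOnly",
  ] },
];

// Host a Set-Cookie header is scoped to: the Domain attribute when present
// (leading dot ignored), otherwise the responding host. Returns null when
// the Domain attribute does not cover the responding host, because browsers
// reject such cookies.
function cookieHost(setCookie, responseUrl) {
  const host = new URL(responseUrl).hostname;
  const attrs = setCookie.split(";").slice(1).map((s) => s.trim());
  const dom = attrs.find((a) => a.toLowerCase().startsWith("domain="));
  if (!dom) return host;
  const v = dom.slice("domain=".length).trim().replace(/^\./, "").toLowerCase();
  if (!v) return host;
  return host === v || host.endsWith("." + v) ? v : null;
}

// Scheme+host pairs on which the chain actually sets cookies. These are the
// entries to consider adding to the Exceptions list.
function exceptionCandidates(chain) {
  const out = new Set();
  for (const hop of chain) {
    const scheme = new URL(hop.url).protocol; // "http:" or "https:"
    for (const header of hop.setCookie) {
      const host = cookieHost(header, hop.url);
      if (host) out.add(`${scheme}//${host}`);
    }
  }
  return [...out].sort();
}

// Configured exceptions that match no cookie-setting scheme+host in the
// chain, e.g. an http:// entry for a site that redirects to https://.
function unmatchedExceptions(exceptions, chain) {
  const needed = new Set(exceptionCandidates(chain));
  return exceptions.filter((e) => !needed.has(new URL(e).origin));
}

console.log(exceptionCandidates(sampleChain));
console.log(unmatchedExceptions(["http://www.pinterest.com"], sampleChain));
```
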

Note that there are two basic exception scenarios.

  • you can block all cookies and create an allow exception
  • you can allow all cookies and create a block exception

You can of course set an allow or allow for session exception to allow cookies explicitly even when you allow exception as might be required in some cases (e.g. third-party cookies or session cookies).

Reply to @jscher2000:

(1) I have entered https://www.pinterest.com in the list. But this is totally outside the point, because as I told you it happens with a lot of other sites.

(2) Again, pinterest.com is just an example. There are a lot of other sites that I have in my Exceptions list and they still want the cookies allowed. I couldn't bring examples for each of them because it would take pages.

Thank you very much and I appreciate your effort and time to help, I really do, but I am afraid you have not understood the issue here, which is very simple, and I can't make it more simple than that. So, please don't spend more time with it. Thank you again.

Modified by aspis

Reply to @cor-el:

Thanks for helping.

(1) Re: "you can block all cookies and create an allow exception" As I already said, multiple times, allowing exceptions doesn't work if cookies are blocked. This is the whole issue!

(2) Re: "you can allow all cookies and create a block exception" I have never tried that because it is inapplicable if not stupid: You can't create a list with a thousand sites and continue to add sites before even visiting them in order to avoid that they store a cookie.

Once again: The Exceptions list should work as it is supposed to. A site/domain that is included in the list as "allowed" should be allowed to store cookies independently of whether one has cookies blocked or not. Otherwise, what's its use? It's elementary logic.

Modified by aspis

Hi aspis, I don't use Firefox 60 ESR. This is how it worked when I tested in Firefox 66:

(1) Block all cookies using Custom Content Blocking settings (first screenshot)

(2) Clear all existing cookies using the Clear Data button

(3) Create an exception for https://jeffersonscher.com (second screenshot)

(4) Open a test page, click "Set Oatmeal Cookies" and reload the page (third screenshot)

https://www.jeffersonscher.com/res/xtabcook.php

(5) Cross-check the Storage Inspector (fourth screenshot)

(6) Cross-check the Manage Data dialog (fifth screenshot)

Conclusion: Firefox 66 allows cookies from sites matching an Allow exception even if cookies are set to be blocked.

^Quote: Conclusion: Firefox 66 allows cookies from sites matching an Allow exception even if cookies are set to be blocked.

That is similar to what I wrote above and that is how it always has worked in Firefox AFAIK.

  • you can block all cookies and create an allow exception

If this doesn't work for you then you may have an extension that is interfering.

@cor-el, I believe you. But 1) Talking about FF 66 doesn't solve the problem in FF 60. 2) It has nothing to do with extensions, because it happens even when they are all disabled (Safe mode). 3) It was always like that from what I can remember, well before FF Quantum. Only that I didn't mind so much because sites were not so insanely obstinate about cookies and to such a large number as they are these days.

As you can see, from this and my earlier descriptions and comments, I know very well what I am talking about. And I made it as simple as possible, giving all the data that are needed and steps to reproduce the problem.

So I believe that only the FF programmers can actually understand and know what all this is about.

Modified by aspis

As a footnote, Firefox 60 ESR is unlikely to get non-critical security/bug fixes at this point in its cycle.

Thanks for letting me know.