Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Website storing cookies despite listed as blocked in exceptions Firefox59.02

  • 16 iimpendulo
  • 1 inayo le ngxaki
  • 1 view
  • Impendulo yokugqibela ngu wjm263

more options

I am using Firefox Quantum 59.02 on OSX 10.13.4 I have enabled session cookies, except 3rd party. w When I l set eg. bbc.co.uk in the exceptions list as blocked, it shows as storing cookies when I view cookies.

In Cookies it is listed as bbc.co.uk, in Exceptions ..blocked, it shows as http//www.bbc.co.uk

I am using Firefox Quantum 59.02 on OSX 10.13.4 I have enabled session cookies, except 3rd party. w When I l set eg. bbc.co.uk in the exceptions list as blocked, it shows as storing cookies when I view cookies. In Cookies it is listed as bbc.co.uk, in Exceptions ..blocked, it shows as http//www.bbc.co.uk

Isisombulu esikhethiweyo

In Exceptions, Firefox is particular about the protocol. You usually need to create both the secure and insecure versions:

A possibly more convenient way if you are dealing with first-party cookies is to use the Permissions panel of the Page Info dialog.

You can call that up using any of these:

  • right-click a blank area of the page and choose View Page Info > Permissions
  • (menu bar) Tools menu > Page Info > Permissions
  • click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions

Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer. That change should show up in the Exceptions dialog.

Funda le mpendulo kwimeko leyo 👍 0

All Replies (16)

more options

Isisombululo esiKhethiweyo

In Exceptions, Firefox is particular about the protocol. You usually need to create both the secure and insecure versions:

A possibly more convenient way if you are dealing with first-party cookies is to use the Permissions panel of the Page Info dialog.

You can call that up using any of these:

  • right-click a blank area of the page and choose View Page Info > Permissions
  • (menu bar) Tools menu > Page Info > Permissions
  • click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions

Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer. That change should show up in the Exceptions dialog.

more options

Note that you may have to leave out the www prefix. I assume that the missing colon in http:// is a typo.

more options

Hi jscher2000, I just wanted to say thank you very much for your help.

more options

Until recently I had my security settings in "Cookies and Site Data" set at "Block Cookies and Site Data". This blocked all cookies from all sites but those I had listed on the "Exceptions" page. But something changed suddenly. Now if I set my cookie security at "Block Cookies and Site Data" the sites I have listed on the exception page will be erased as soon as I shut down Firefox. The only way I can get those "exception" sites to remain listed is if I set my security at "Accept Cookies and Site Data from Websites", but that defeats the purpose as now all sites are free to create cookies. So does anybody know what's changed? I really loved to be able to block all cookies but those from the sites I chose to allow. Thanks. (I'm using Firefox 60.0.2)

more options

Hi canadajohn, Firefox should not delete your Exceptions list at shutdown unless you used a different setting:

In the History section (Options > Privacy & Security > History):

"Clear history when Firefox closes" and when you click the "Settings" button to the right of it, you have "Site preferences" selected for clearance

more options

Hi.

Thanks fror the reply but I'm afraid I'm not quite sure what you are suggesting. I'm attaching a picture of my present settings on the main "Privacy and Security" page along with an image of the settings I have selected in the "Settings" menu found in the "History" section of that page. As you will see the only box I've left unchecked is "Site Preferences".

You'll see I also have the "Cookies and Site Data" section set at "Accept cookies and site data from websites". If I change that to my prefered "Block cookies and site data" the sites I've listed as "Exceptions" will not open and often will give me a message that I have to allow cookies.

Maybe I'm confused but I thought that the "Exception" list was meant to be a list of sites you are allowing to create cookies while all others will be blocked from doing so. That's certainly been the way it's been working for me until very recently.

Thanks again.

more options

Hi canadajohn, there are multiple kinds of "permissions" you can set for cookies:

  • Allow
  • Allow for Session (does not survive a shutdown)
  • Block

Do all of the listed sites have the "Allow" permission? And the relevant protocol (http:// for HTTP sites and https:// for HTTPS sites)?

Note: the attached was a brief test in a new profile. I didn't test any sites that demand you accept cookies, which probably would have been a good idea.

more options

Also, you should not have "Cookies" checked in the clear history settings if you want them to carry over to your next session.

more options

Hi.

Here's an image of my exceptions page. It used to be full but since I lost them all I've only added these two.

more options

Hi canadajohn, for Facebook, it should be

https://facebook.com

(using HTTPS instead of HTTP)

Do you have any other software that cleans up browser data? (For example, CCleaner or Advanced SystemCare.) If so, set it not to touch your Firefox data.

more options

Hi.

Adding that "S" worked for Facebook but not for the other site, which is my bank login. But I recall now that I've has problems accessing that bank login with Firefox before and more than once have had to use Safari.

I realized this Mozilla site needs access to cookies too, so when I added it to the "Exceptions" list it's also worked when "Block cookies and site data" is selected.

So seems the problem was that missing "S" (and that the problem with my bank site is another matter). I'll have to check for that "S" when I add more sites to the exception list as the Facebook site appeared as only http by itself when I typed "Faceboook.com" in the space at the top of the "Exceptions" page.

Also, in the "History" section I've reverted to "Always use private browsing mode", which is where it was before and that has created no problems.

Thanks, looks like you've solved my problem! I guess though that why my long list of exceptions disappeared one day will have to remain a mystery.

John

Ilungisiwe ngu canadajohn

more options

Sites exist which set cookies using multiple names. For example the site www.foo.com may also set cookies as a.foo.com or foo.com/xx and such. With Chrome one can set the exceptions as:

[*.]foo.com

and it will reject anything remotely like foo.com Is there some similar protocol in Firefox? I haven't been able to stumble into one.

Basically I'd like to set the exception for anything with "foo" in the cookie name. Thanks.

Ilungisiwe ngu wjm263

more options

Hi wjm263, try this:

Does creating an Allow or Allow for Session exception for the base domain permit the subdomains like www.example.com as well?

more options

Entering http://foo.com for "Allow for Session" still allows http://a.foo.com, or a million other variants to save permanent cookies.

more options

wjm263 said

Entering http://foo.com for "Allow for Session" still allows http://a.foo.com, or a million other variants to save permanent cookies.

I'm sorry, for some reason I thought you wanted to ALLOW cookies from foo.com and its subdomains. If you want to BLOCK them then enter a block exception instead. Then please use the Manage Data button to remove the current cookies before re-testing.

more options

I'm trying to "Allow for Session" as my note said. Not block.

Anyhow, it's become moot. I came back to Firefox a couple months ago after Chrome made an "improvement" which made it unusable for me. So due to this problem I've checked back and they fixed the problem again in the most recent release. So rather than continuing to fight with Firefox, I'm back to Chrome now.

Thanks for trying. IMHO Firefox desperately needs the ability to stick wild cards into the site names for Cookies. Otherwise the various places have learned to work around the restrictions I enter.