Heads-up on new addon: Self-Destructing Cookies

[GµårÐïåñ]

Sorry for the delay. Let me make this clear by example, hopefully it will make more sense what I mean.

Case 1
-------
I go to Facebook, I log in, do my stuff, close the browser (assuming I am dumb enough to not log off - regardless) when I close my browser, my LSO are toast, my cookies are toast, my cache is toast and I start my browser again, I have a clean slate with nothing remaining.


Case 2
-------
I go to Facebook, I log in, do my stuff and need to close all the tabs but don't want my session cookie to get deleted because I have no tabs open, so I am stupid enough to whitelist Facebook.com and it gets added to the cookie internals of Fx with ALLOW in front of it. Now I am done, I close the browser like I did in #1 but guess what, my cookies are all gone, EXCEPT for FB, my cache is all gone, my LSO are all gone and when I come back, my FB cookie has persisted because it was protected OUTSIDE the scope of the cleaning mechanism by being explicitly allowed.

Now make sense?

[Thrawn]

Now make sense?

Yes and no.

Thanks for clarifying your use case.

However, why wouldn't you:
- Add an 'allow for session' rule, instead of 'allow'?
- Check the 'clear history when firefox closes' box, which overrides all of the above? I know it does, because I couldn't understand why two-factor authentication cookies were being cleared, despite having made site exceptions, until I realised that I had checked that box.

[GµårÐïåñ]

Ok, I noticed today on the latest update that the icon for the site now provides three options. Delete, Temp until you close, and Never, so I guess you can just set it for the session now. But originally, unless I missed it, it was not set that way. Plus its hell of annoying to have to remember to check something for exclusions before you close the tab or risk losing your cookie and your session ending and having to start over logging in. I guess once you get used to the need to check each site while you are on its tab, it will get easier but as of now it just seems too much work for something that someone who regularly closes their browser can get by the existing methods without having to worry about closing your tab before you are truly done.

BTW, you are on mobile, wondering which version do you have? Which device? If you don't want to put it here, you can email me or PM me. Just curious, since I use mine to help Giorgio debug NSA++ and wondering how different our devices are to see how much variance we can provide him when it comes to testing. Thanks buddy.

[Thrawn]

Ok, I noticed today on the latest update that the icon for the site now provides three options. Delete, Temp until you close, and Never, so I guess you can just set it for the session now.

Oh, you've been managing permissions via the icon? That makes more sense! I only noticed it a few days ago. I've been managing permissions via the usual Preferences-Privacy dialog, where Allow and Allow for Session appear alongside each other.

Plus its annoying to have to remember to check something for exclusions before you close the tab or risk losing your cookie and your session ending and having to start over logging in.

I guess we browse differently, because I don't find that that causes trouble for me...I usually either keep tabs open or am happy to be logged out.

BTW, you are on mobile, wondering which version do you have? Which device? If you don't want to put it here, you can email me or PM me. Just curious, since I use mine to help Giorgio debug NSA++ and wondering how different our devices are to see how much variance we can provide him when it comes to testing. Thanks buddy.

Sorry, can't help . As previously discussed in the NSA forum, my phone just won't cut it. It's a Samsung Galaxy Mini; ARM v6, and not enough grunt to run Firefox properly. I compensate by disabling images, JavaScript, and plugins; mobile versions of sites usually don't need them.

I did try an ARM6 Firefox nightly for a while, but it was unstable...

[GµårÐïåñ]

Yeah Firefox Mobile is a truly crappy piece of junk. I can't stand it. I tried to put up with its BS for the sake of NSA but I just couldn't deal with it. At least for the moment, its truly worthless.

[Thrawn]

For true cookie-haters, Self-Destructing Cookies has a hidden, experimental mode that allows you to block all cookies by default, but allow selected sites to have cookies only while tabs are open:

Q: I have configured Firefox to block all cookies by default. Can I still use SDC?
A: There is an unsupported hidden setting that changes the behaviour of the "yellow" whitelist level from allow-for-session to allow-while-open. To enable it, create a boolean key in your about:config named "extensions.jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.defaultBlock" (without the quotes), set it to true and restart your browser. You can now use the "yellow" setting for sites whose cookies you would like to accept, but still have them self-destruct. I provide this on a "should work" basis, meaning that I depend on bug reports from you and don't do in-depth testing of this mode myself.