
NoScript is causing phantom cookies with some page requests

Posted: Mon Nov 26, 2012 10:25 am
by mjh563
Hi, I've found an issue where NoScript is causing unwanted cookies to be sent when loading a page. I can reproduce it using eBay (see STR below), but I'm not sure if it's a more general problem or just restricted to that site.

The problem is that after deleting all cookies in Firefox options, some cookies still get sent with the next page request. This only happens when NoScript is installed, and is reproducible in a new profile with just NoScript added.

Steps to reproduce:

1. Install NoScript 2.6.2 into a new Firefox 17 profile
2. Install some method of viewing HTTP request headers, such as 'Live HTTP Headers' extension or Wireshark
3. Go to http://www.ebay.com
4. Select 'Allow all this page' in the NoScript menu (the problem doesn't seem to happen when scripts are blocked)
5. In Firefox options, delete all cookies
6. Reload the page loaded in step 3.

Actual results:

Viewing the headers shows that some cookies were sent with the request.

Expected results:

No cookies should be sent, because I just deleted them all.

This only happens when NoScript is enabled. It works as expected when (1) NoScript is disabled or (2) NoScript is enabled but scripts are blocked.

Re: NoScript is causing phantom cookies with some page reque

Posted: Mon Nov 26, 2012 10:57 am
by Giorgio Maone
Could you list the exact cookies?

Re: NoScript is causing phantom cookies with some page reque

Posted: Mon Nov 26, 2012 10:58 am
by mjh563
I've just tested some older versions and it started happening in 2.5.1, if that's any help.

Re: NoScript is causing phantom cookies with some page reque

Posted: Mon Nov 26, 2012 11:14 am
by mjh563
Giorgio Maone wrote: Could you list the exact cookies?
It's usually these, or ones very similar:

ds2=ssts/1353927819485^
ebay=%5Esbf%3D1048576%5E

Re: NoScript is causing phantom cookies with some page reque

Posted: Mon Nov 26, 2012 12:28 pm
by Giorgio Maone
It's actually eBay which resets those cookies before unloading the page, because it sees the script-accessible cookies are not empty (they're faked by the popunder surrogate).
Worked around in latest development build 2.6.3rc2, thanks.
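
Added example, not part of the original thread and not NoScript's or eBay's code: a simplified JavaScript model of the explanation in the last post, following steps 3 to 6 of the report. The surrogate's snapshot behaviour, the site's unload handler and all function names are assumptions made for illustration; only the cookie value is taken from the thread.

```javascript
// Simplified model (constructed); not NoScript or eBay code.
class CookieJar {
  constructor() { this.store = new Map(); }
  set(pair) { const [k, ...v] = pair.split("="); this.store.set(k.trim(), v.join("=")); }
  header() { return [...this.store].map(([k, v]) => `${k}=${v}`).join("; "); }
  clear() { this.store.clear(); }
}

// A document whose cookie property reads from and writes to the real jar.
function makeDocument(jar) {
  const doc = {};
  Object.defineProperty(doc, "cookie", {
    configurable: true,
    get: () => jar.header(),
    set: (pair) => jar.set(pair),
  });
  return doc;
}

// Hypothetical surrogate: reads return a snapshot taken at install time
// ("faked" script-accessible cookies); writes still reach the real jar.
function installFakingSurrogate(doc, jar) {
  const snapshot = jar.header();
  Object.defineProperty(doc, "cookie", {
    configurable: true,
    get: () => snapshot,
    set: (pair) => jar.set(pair),
  });
}

// Hypothetical site script: before unload, re-save whatever cookies it can read.
function siteUnloadHandler(doc) {
  const visible = doc.cookie;
  if (visible !== "") visible.split("; ").forEach((pair) => { doc.cookie = pair; });
}

// Steps 3-6 of the report; returns the Cookie header sent with the reload.
function reloadAfterClearing(withSurrogate) {
  const jar = new CookieJar();
  jar.set("ebay=%5Esbf%3D1048576%5E");                 // cookie value quoted in the thread
  const doc = makeDocument(jar);                       // step 3: page loaded, cookie present
  if (withSurrogate) installFakingSurrogate(doc, jar); // step 4: scripts allowed
  jar.clear();                                         // step 5: user deletes all cookies
  siteUnloadHandler(doc);                              // step 6: unload runs before the reload request
  return jar.header();
}

console.log("with surrogate   :", JSON.stringify(reloadAfterClearing(true)));
console.log("without surrogate:", JSON.stringify(reloadAfterClearing(false)));
```

In this model the cookie reappears only because the page script still reads a non-empty value after the real store was emptied, which matches the observation that the problem does not occur when scripts are blocked.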