Bug#682369: firefox-esr disobeys "until I close Firefox" cookie setting
Control: found -1 60.5.1esr-1~deb9u1 Control: retitle -1 firefox-esr disobeys "until I close Firefox" "cookies and site data" setting To reproduce in version 60.5.1esr-1~deb9u1, currently in Debian stable: Open Firefox ESR. Configure Firefox thus: ≡ Preferences Privacy & Security Browser Privacy Cookies and Site Data Accept cookies and site data from websites (recommended) Keep until: I close Firefox Browse to https://www.meetup.com . Close Firefox. After the preceding steps, meetup.com "cookies and site data" must not exist. To see that meetup.com data still exist, continue with the following steps: Open Firefox ESR. View cookies and site data: ≡ Preferences Privacy & Security Browser Privacy Cookies and Site Data Manage Data...
Bug#682369: firefox-esr disobeys "until I close Firefox" cookie setting
Sven Joachim wrote: > Basically that's the way session restore works, and I have > always seen this as a feature rather than a bug, although > that is certainly debatable. Some upstream discussions: > > https://bugzilla.mozilla.org/show_bug.cgi?id=443354 > https://bugzilla.mozilla.org/show_bug.cgi?id=529644 > https://bugzilla.mozilla.org/show_bug.cgi?id=530594 > https://bugzilla.mozilla.org/show_bug.cgi?id=1286748 Sure, it's nice for some people, and in some situations. But in this situation, Firefox is clearly retaining data which the user has _explicitly_commanded_it_not_to_retain_. Covertly disobeying the user's direct command is definitely, not debatably, wrong. I used the word "covertly" because Firefox accepts the user's command, with no indication that it intends to disobey it. In fact, the user generally doesn't know that the command has been disobeyed, until after illegitimately retained data have been exfiltrated to a server somewhere, which can't be undone.
Bug#682369: firefox-esr disobeys "until I close Firefox" cookie setting
On 2016-12-12 19:52 -0500, Robert Munyer wrote: > Control: retitle -1 firefox-esr disobeys "until I close Firefox" cookie > setting > Control: reassign -1 firefox-esr 45.5.1esr-1 > > Bug still present in firefox-esr 45.5.1esr-1, in Debian "stretch". > To replicate: > > Open Firefox ESR. > > Configure Firefox thus: > ≡ > Preferences > Privacy > History > Firefox will: Use custom settings for history > Accept cookies from sites > Keep until: I close Firefox > > Browse to http://noscript.net/features . > > Click the "Go back one page" button. > > Close Firefox. > > After the preceding steps, the cookie must not exist. > To see that it does exist, continue with the following steps: > > Open Firefox ESR. > > Click "Restore Previous Session". > > View cookies: > ≡ > Preferences > Privacy > History > Show Cookies... Basically that's the way session restore works, and I have always seen this as a feature rather than a bug, although that is certainly debatable. Some upstream discussions: https://bugzilla.mozilla.org/show_bug.cgi?id=443354 https://bugzilla.mozilla.org/show_bug.cgi?id=529644 https://bugzilla.mozilla.org/show_bug.cgi?id=530594 https://bugzilla.mozilla.org/show_bug.cgi?id=1286748 Cheers, Sven