David E. Ross wrote:
> On 9/12/2016 10:37 AM, Paul B. Gallagher wrote:
>> David E. Ross wrote:
>>
>>> I had to create a separate SeaMonkey profile for accessing my
>>> financial accounts at a bank, two credit unions, and Vanguard mutual
>>> funds.  My settings for this profile might give you some idea of what
>>> you might need to do.  Where I say "Normally", that reflects the
>>> profile where I do most of my Web surfing.
>>>
>>> ...
>>>
>>> Cookies from 3rd party domains allowed from which there are already
>>> existing cookies and the file cookies.sqlite is marked "read-write".
>>> (Normally, I allow cookies only from the requested domain; and I
>>> mark cookies.sqlite as "read only".)
>>
>> I'm very curious about how you made this work. Under normal conditions,
>> you accept first-party cookies but you prevent SM from updating the
>> cookies file? How can both be true?
>
>
> I first set the preference to allow ALL cookies.  I then visited the Web
> sites of the financial institutions.  After that, I changed the
> preference to "Allow third-party cookies for previously visited websites
> only".  In that profile, I always had cookies.sqlite marked
> "read-write".  Only in the profile I use for most of my Web surfing, I
> marked that file "read only".

But if cookies.sqlite is marked "read-only," how can a site set a cookie, even if it's an approved site? I mean, the definition of "set a cookie" includes "modify cookies.sqlite," does it not? Confusinger and confusinger...

Do bank sites really work with stale cookies from previous visits? Sounds like a great way for hackers to impersonate you -- just spoof your cookie from a previous session.

--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
_______________________________________________
support-seamonkey mailing list
https://lists.mozilla.org/listinfo/support-seamonkey
