Mozilla VPN is currently experiencing an outage. Our team is actively working to resolve the issue. Please check the status page for real-time updates. Thank you for your patience.

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Private browsing mode saves cookies

more options

When using firefox 59 in Private browsing mode it saves youtube cookies even though the Private browsing mode message states that "Private browsing does not save cookies" The storage inspector in Firefox shows the cookies stored.

Why?

See enclosed

When using firefox 59 in Private browsing mode it saves youtube cookies even though the Private browsing mode message states that "Private browsing does not save cookies" The storage inspector in Firefox shows the cookies stored. Why? See enclosed
Attached screenshots

All Replies (17)

more options

Hi, yes it should not save cookies and once you shut down Private and Release versions of Firefox they should be deleted.

Please let us know if this solved your issue or if need further assistance.

more options

Not saving cookies only means that the cookies aren't stored in the profile folder in cookies.sqlite, otherwise cookies work the same in PB mode as in normal mode because it would break a lot of websites. When you are in PB mode then a separate in-memory cookie jar is used that is purged when all PB mode windows (tabs) are closed, so it is quite normal that you see cookies in the Storage Inspector.

more options

If you clear your site data for YouTube in a regular window and then browse YouTube in a private window, then check back in the regular window, you should not see cookies crossing over from the private (temporary) cookie jar to the regular (persistent) cookie jar.

more options

I am familiar with clearing cookies. My point is in the Private browsing statement states that cookies will not be saved and it is being saved.

This should be corrected.

more options

I'm not sure what would be the best way to explain it. What do you think?

Cookies that sites set in private windows are recorded temporarily in memory, separately from regular window cookies. They are not saved to disk, and they are discarded at the end of your private session (after the last private window is closed).

more options

Cookies are not required for a web site to function. If you go into "privacy and security" you can an option to "accept cookies from websites" which can be disabled or enabled. I would expect private mode to disable all cookies

Firefox says it would not save any cookies and this is not what it is doing.

more options

mace2 said

Cookies are not required for a web site to function. If you go into "privacy and security" you can an option to "accept cookies from websites" which can be disabled or enabled. I would expect private mode to disable all cookies

You now know exactly how it works. I doubt the default behavior will be switched because it would create problems on sites users want to log into, and on sites where it is beneficial to maintain continuity among pages on the site.

Firefox says it would not save any cookies and this is not what it is doing.

Earlier you said the description should be corrected. How would you rewrite it? See my earlier reply for my thought on that.

more options

If you want to disable cookies then you can do that in Options/Preferences. When entering Private Browsing mode would disable cookies then you won't be able to use a lot of websites, especially websites where you want to log in and possibly use a chart to buy something and where you do not want to keep a history record as that could spoil surprises.

more options

If using private browsing causes problems the user in private mode has the option of deciding if he feels the web site warrants using cookies if yes use the web site while not using private browsing. Examples are Bank web sites and gmail. But if you feel it doesn't warrant a cookie don't use the site. examples are some movie or tv sites.

more options

Hi mace2, pardon me if this sounds like a stupid question, but why are you concerned about cookies?

Firefox added the Tracking Protection feature to allow users to easily block known third party tracking servers. I think this addresses the cookies most users finding troubling, the ones that follow them across sites and therefore can amass a wider view of your browsing behavior.

For other servers and for first party cookies of the site you're visiting, perhaps you want them to accumulate the minimum amount of information about your browsing behavior. Private browsing limits it to the current session; once your close and re-open your private session, the old cookies are gone and the site's record of your visit starts from zero again. (Assuming the site doesn't use other methods of tracking such as "fingerprinting," which is a different subject.)

Firefox's default aims to balance compatibility/functionality and privacy. Users who want to take a more aggressive approach to cookies -- block first, allow on a case-by-case basis instead of "private session only" -- can use permission settings or add-ons.

In the future, perhaps Firefox will offer an "even more private browsing" option once the fingerprinting protection is sorted out (right now, it breaks too many things, in my opinion). Refusing all cookies by default, or clearing them each time you leave a site or close a tab, could be a default setting of such a mode. I'm sure people will argue that a VPN should be included, too.

more options

The reason I bring up the issue is that Private browsing suggests that you browse and no communications with the site occurs. If you receive a temporary cookie it could cause problems in privacy by being read by another site.

If its private nothing touches your browser. You will run into sites that demand cookies for operation as discussed but I think many people would consider that acceptable.

more options

Cookies have nothing to do with private browsing mode. In PB mode cookies behave the same as in regular mode, there is not a real difference and the current cookie settings (block/allow exceptions) still apply.

more options

Cor-el , private mode browsing states on the screen capture I provided "it does not save cookies.

I am simple saying it should not keep any cookies what so ever so browsing is truly private.

more options

Co-rel writes: "Cookies have nothing to do with private browsing mode." Perhaps directly, that is true. But when I turn on private browsing mode in Firefox, that forces another setting under Cookies and Site Data to be set to "Keep until Firefox is closed". Under this setting combined with private browsing mode, all entries are removed from the Manage Data area when I log out of that session. Then I cannot log into my financial site with computer recognition required. However, if I uncheck private browsing and then recheck under Cookies and Site Data "Keep until Firefox is closed", a financial site cookie is preserved in Manage Data and I can still log into my financial firm with computer restriction on. So selecting private browsing zeros out cookies under "Keep until Firefox is closed" in a way more thorough than turning off private browsing but separately selecting "Keep cookies until Firefox is closed." This is a bit of a puzzle. Explanations are welcome.

Modified by Quenchoo

more options

Quenchoo said

But when I turn on private browsing mode in Firefox, that forces another setting under Cookies and Site Data to be set to "Keep until Firefox is closed". Under this setting combined with private browsing mode, all entries are removed from the Manage Data area when I log out of that session.

That's odd; I didn't think checking "Always use private browsing mode" needed to change any cookie settings. In private windows, cookies set in your private session are automatically dumped at the end of your session (when the last private window is closed), regardless of the "Keep until" setting.

However, if I uncheck private browsing and then recheck under Cookies and Site Data "Keep until Firefox is closed", a financial site cookie is preserved in Manage Data and I can still log into my financial firm with computer restriction on.

With "Keep until: I close Firefox" your cookies should be dumped when you exit your browsing session (closing the last regular browsing window). If Firefox still has the authentication cookie at your next startup, either (A) the session cookies were resurrected by restoring your previous session windows and tabs, or (B) there is an exception to "Allow" cookies for the site.

more options

Apparently closing down a private browsing session does at least what "keep until Firefox is closed" does in terms of zapping cookies. But apparently private browsing does more in the sense that no cookies are left in Manage Data, whereas with private browsing off and "keep until Firefox is closed" on, some cookies are left. But I have no idea what criteria are used to keep some cookies in the case of private browsing off but "keep until closed" on. I hope some Firefox designers will jump in on this because I have only observations and questions but no answers to offer. I speculate that Firefox's private browsing has been 'strengthened' lately, but that is just a guess on my part.

more options

Hi Quenchoo, when you click Manage Data, there are two columns, one for "Cookies" and one for "Storage".

What you should find with "Keep until: I close Firefox" is that all cookies were removed at shutdown -- unless you added an Allow exception -- but many sites still show up in the storage column.

Maybe that is similar to what you are seeing.

When I have gone digging in the past, the storage size usually corresponded to the disk space consumed by an empty database file. So there was no actual data, but the empty database file was retained, perhaps on the assumption that I might visit that site again.

There also are some sites that leave code libraries behind in storage, which are not personal to you, but seem to linger indefinitely. Someone should look into cleaning up a bit more.