I am seeing a few persistent cookies that remain after a session has been closed.
I have set my privacy settings to :
-Always accept cookies from sites (including third party)
-Keep cookies until "I close firefox"
-Clear history when firefox closes (checking all item in "Settings for Clearing History" except for "Saved Passwords")
-I do not maintain any list of Exceptions
To the best of my knowledge, this has been working perfectly for a long time now. Earlier today, though, I used CCleaner to examine the cookies on my system. All of my browser sessions were closed in all of my browsers (FF, Chrome, IE, Edge). Therefore, I was surprised to find a few cookies attributed to firefox in the cookies console. They represented no more than four or five domains and I didn't think much of it as I attributed it to possibly an artifact of my recent upgrade to Windows 10. I deleted said cookies. However, out of curiosity, I later visited one of the domains represented - mega.nz - and toyed around for a minute. The site offers registration free uploads from its start page. I uploaded a small junk file and then navigated away from the page to news.google.com. Then I closed the entire firefox session and took a look at the cookie console in CCleaner. Once again, mega.nz 's cookie persisted through the closed session. For comparison, no other cookies from that particular session across several domains were still there.
Now, I wish that I had paid better attention to the persistent cookies that I deleted earlier in the day to better contribute to this knowledgebase. Other than mega.nz, I can only be sure that bostonglobe.com also leaves a persistent cookie. So, it seems that there is a type of non-flash cookie that now persists across Firefox sessions. I invite you to please replicate my observations and confirm them for yourselves. It's my hope that Firefox developers will see this and plug this serious privacy breach. Respect for user privacy has meant everything to me in my continual loyalty to Firefox.
Modified
All Replies (4)
bolcrom said
I have set my privacy settings to :
-Always accept cookies from sites (including third party)
-Keep cookies until "I close firefox"
-Clear history when firefox closes (checking all item in "Settings for Clearing History" except for "Saved Passwords")
I believe the way it is supposed to work is as follows:
- With Keep cookies until "I close Firefox" (and no exceptions) any local storage items collected during your session should be expired/removed at the end of your session.
- With Clear history when Firefox closes including cookies, any local storage items in the browser should be cleared.
What does CCleaner show is the actual content of the local storage for any sites persisting after you exit Firefox?
It look as though there are some open "bugs" relating to clearing of local storage.
Regarding the setting of cookies expiring at the end of the session:
Regarding clearing cookies using the shutdown cleaning, that should remove the stored data. It might not remove the folder or database.
I've included the cookie, sqlite, idb, etc. files remaining on my drive after entire closing a session. I visited bostonglobe.com and mega.nz. I uploaded a small test file on the latter site. I believe the larger chunks (in KB) you see in the attached png are the locally encrypted parts of that file as it was disassembled before being transferred to Mega.
Also, note that the actual cookies for the sites have been "deleted" according to the output in the Ccleaner console. I believe that while the content of the cookie which includes the alphanumeric identifier has been scraped at the session's close, the "shell" of the cookie indicating that you've visited the sites remains.
Thanks for pointing me to the open bug. I don't think it's out of turn to note that that bug has now been open for two years. Mozilla provides us a great free service, but the quality of that service has always hinged on mozilla's unchallenged concern for user privacy. A flaw of this nature nearly breaks that contract for me.
Modified
It's worth noting that Twitter has now started using these super cookies.