How do I configure Firefox to always allow all session cookies but no other cookies?
In IE, there is an option to "Always Allow Session Cookies".
So I have IE set up to always block First Party Cookies and always block Third Party Cookies but always allow Session Cookies.
Then I use the cookie exception list if I need to allow any other cookies that do not fall into those three categories.
In Firefox, I can use the cookie exception list to specify individual session cookies and then select "Allow For Session" but they must all be listed individually - I want Firefox to allow ALL session cookies but block ALL first party and block ALL third party cookies, then I can use the cookie exception list if needed.
I'm sorry if the answer to this is obvious or answered elsewhere but I have spent a lot of time searching and have not found it.
Thank you in advance to anyone willing to help me with this!
Выбранное решение
reyxlp said
In IE, there is an option to "Always Allow Session Cookies".
So I have IE set up to always block First Party Cookies and always block Third Party Cookies but always allow Session Cookies.
This is a little strange for sites: they send a number of cookies, but IE ignores some and returns a subset? Does this feature really work the way the dialog describes? Hmm...
In Firefox, I can use the cookie exception list to specify individual session cookies and then select "Allow For Session" but they must all be listed individually - I want Firefox to allow ALL session cookies but block ALL first party and block ALL third party cookies, then I can use the cookie exception list if needed.
No, Firefox doesn't have that feature.
What I suggest is to set Firefox to limit ALL cookies to session cookies, and then make site-specific exceptions for sites you want to remember you between sessions. And/or you can block sites that should never set cookies.
To do this:
Setting Default Cookie Behavior
"3-bar" menu button (or Tools menu) > Options
In the left column click Privacy. On the right side, if you have "Firefox will: Remember history" change that to "Firefox will: Use custom settings for history".
Change "Keep until: they expire" to "Keep until: I close Firefox"
This won't clear existing persistent cookies, but will affect new cookies that are set going forward.
Modifying Site-Specific Cookie Permissions
You can use the Permissions panel of the Page Info dialog to modify permissions for the site listed in the address bar, but there's no convenient way to set permissions for third party cookies. For that I suggest using the Cookie Monster extension.
The Cookie Monster button on the toolbar allows you to see which third party cookies have which permissions and to change them.
https://addons.mozilla.org/firefox/addon/cookie-monster/
Sample screen shot attached -- the option to "Apply cookie settings to both HTTP and HTTPS" is turned on, which streamlines the menu. With this option you don't have to set/modify permissions for both HTTP or HTTPS on the same site (why would they be different?).
Прочитайте этот ответ в контексте 👍 2Все ответы (3)
Выбранное решение
reyxlp said
In IE, there is an option to "Always Allow Session Cookies".
So I have IE set up to always block First Party Cookies and always block Third Party Cookies but always allow Session Cookies.
This is a little strange for sites: they send a number of cookies, but IE ignores some and returns a subset? Does this feature really work the way the dialog describes? Hmm...
In Firefox, I can use the cookie exception list to specify individual session cookies and then select "Allow For Session" but they must all be listed individually - I want Firefox to allow ALL session cookies but block ALL first party and block ALL third party cookies, then I can use the cookie exception list if needed.
No, Firefox doesn't have that feature.
What I suggest is to set Firefox to limit ALL cookies to session cookies, and then make site-specific exceptions for sites you want to remember you between sessions. And/or you can block sites that should never set cookies.
To do this:
Setting Default Cookie Behavior
"3-bar" menu button (or Tools menu) > Options
In the left column click Privacy. On the right side, if you have "Firefox will: Remember history" change that to "Firefox will: Use custom settings for history".
Change "Keep until: they expire" to "Keep until: I close Firefox"
This won't clear existing persistent cookies, but will affect new cookies that are set going forward.
Modifying Site-Specific Cookie Permissions
You can use the Permissions panel of the Page Info dialog to modify permissions for the site listed in the address bar, but there's no convenient way to set permissions for third party cookies. For that I suggest using the Cookie Monster extension.
The Cookie Monster button on the toolbar allows you to see which third party cookies have which permissions and to change them.
https://addons.mozilla.org/firefox/addon/cookie-monster/
Sample screen shot attached -- the option to "Apply cookie settings to both HTTP and HTTPS" is turned on, which streamlines the menu. With this option you don't have to set/modify permissions for both HTTP or HTTPS on the same site (why would they be different?).
Yes, I think IE's dialog is confusing. In IE8, checking the "Always allow session cookies" seems to override the Block on First party cookies and simply converts first party cookies to session cookies. This is similar to the option I mentioned in Firefox.
Screen shot attached for a test using the following page: https://jeffersonscher.com/res/cook.html
You can set network.cookie.thirdparty.sessionOnly to true on the about:config page to make third-party cookies behave as session cookies that expire when Firefox is closed.
You can open the about:config page via the location/address bar. You can accept the warning and click "I'll be careful" to continue.
See also the Firefox source code.