为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

path cookies file on private mode

  • 8 个回答
  • 2 人有此问题
  • 1 次查看
  • 最后回复者为 gabriel_14

more options

On non private mode, cookies stores on cookies.sqlite. But how private mode do? where is the path file of cookies stores while browsing in private mode or incognito? on ram memory? after check on response header and request header some website via developer tools->network, I found that web stores cookies even on private mode. Yes it is true, when we close the browser, the cookies is gone. But, I need to know where path file the cookies is stored in private mode, for security reason. thank you very much.

On non private mode, cookies stores on cookies.sqlite. But how private mode do? where is the path file of cookies stores while browsing in private mode or incognito? on ram memory? after check on response header and request header some website via developer tools->network, I found that web stores cookies even on private mode. Yes it is true, when we close the browser, the cookies is gone. But, I need to know where path file the cookies is stored in private mode, for security reason. thank you very much.

由gabriel_14于修改

所有回复 (8)

more options

hello, private browsing mode saves site data of the current session like cookies in RAM - they do not get stored on disk...

more options

ohh I see.. thank you very much..

is there any way to see the content directly to the memory, so I can prove it? maybe from programming code or not? I mean not from developer tools.

hmm what happen if memory get full, the data will stored on disk? or just crash?

thanks in advance

more options

according to https://wiki.mozilla.org/Private_Browsing#Persistent_Storage the implementation can't protect against memory content that the OS might put into a page file.

sorry, i don't have any clue about inspecting particular contents of your RAM - this doesn't sound like a straightforward simple task judging on a quick web search...

more options

alright.. I begin understanding what's your point..

for last, I don't know if mozilla let user know to access their value on memory for see cookies on private mode..

more options

There is the OS swap file to page data to the hard drive when you run out of free physical memory (virtual memory). That is the only time that this data might be getting stored on the hard drive. Only developer tools (Storage Inspector or using the command line document.cookie) can show cookies.

more options

I get it there is some OS do it and only dev tools can show the cookies. -If it stored on hard drive after swap from memory, the data will be temporary or permanent on disk?

-what OS do swap? Mac, linux or windows?

-and one more question after I learn more about cookies. I found that even in non private mode, browser store the cookies at sqlite(disk) but some of them only just in memory. Who responsible to choose that cookies is stored at disk or memory? for example cookies __cfduid. I found that, some of them are permanent on disk, but another just temporary only on memory even from same website. (edit post) for some additional information, both the cookies that stored permanently and cookies that stored temporary have expired date on next year, so I assume that there is cookies stored on memory even in non private mode

由gabriel_14于修改

more options

All operating systems can swap data to disk. The purpose of virtual memory is to extend your installed physical memory with memory stored on the hard drive to be able to run more applications at the same time. Linux has a special swap partition.

There are two kinds of cookies, session cookies that expire when you close Firefox and persistent cookies that have their own expiration date as specified when they are created. This expiration date can be a short time span (minutes, hours) or longer (days, years). You can create a full cookie allow exception and an allow for session exception (Manage Permissions). Note that even session cookies can be swapped temporarily to the hard drive when you open a Private Browsing mode window that has its own separate in-memory cookie jar.

more options

cor-el said

All operating systems can swap data to disk. The purpose of virtual memory is to extend your installed physical memory with memory stored on the hard drive to be able to run more applications at the same time. Linux has a special swap partition. There are two kinds of cookies, session cookies that expire when you close Firefox and persistent cookies that have their own expiration date as specified when they are created. This expiration date can be a short time span (minutes, hours) or longer (days, years). You can create a full cookie allow exception and an allow for session exception (Manage Permissions).

At above, I already understand about this, thank you very much.

cor-el said

Note that even session cookies can be swapped temporarily to the hard drive when you open a Private Browsing mode window that has its own separate in-memory cookie jar.

from above, terms "in-memory cookie jar" means on RAM right?

To clear out about my question, I'll give you two sample cookies. 1. Cookies stored on sqlite when I entered for first time of some website and not never cookies stored before. Below is the request and response header: Request:

Host: www.<somewebsite>.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1

Response:

HTTP/2.0 200 OK date: Thu, 11 Jul 2019 11:48:39 GMT content-type: text/html; charset=utf-8 set-cookie: __cfduid=dfd1c5fc6d89dcfe544494ec37c71f742156284571; expires=Fri, 10-Jul-20 11:48:39 GMT; path=/; domain=.<somewebsite>.com; HttpOnly vary: Accept-Encoding x-frame-options: SAMEORIGIN set-cookie: ID=jo1brcukgr8ca0o5chinnpiikunkcaoheoha8v9vpkotfl0k5r; path=/; domain=.<somewebsite>.com; secure; HttpOnly expires: Thu, 11 Jul 2019 12:18:39 GMT last-modified: Thu, 11 Jul 2019 11:48:39 GMT pragma: cache cache-control: max-age=1800 expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 4f4a8cb01c36321-SIN content-encoding: br X-Firefox-Spdy: h2

and from this, I found that __cfduid=dfd1c5fc6d89dcfe544494ec37c71f742156284571 is stored on cookies.sqlite

2. Cookies not stored on sqlite after I enter the website and have cookies cfduid that stored on sqlite like above, I just go to another page on the same website, and this is happen. Request:

Host: ap.<sameweb>.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.<sameweb>.com/ Origin: https://www.<sameweb>.com DNT: 1 Connection: keep-alive

Response:

HTTP/2.0 200 OK date: Thu, 11 Jul 2019 12:04:45 GMT content-type: application/json; charset=utf-8 set-cookie: __cfduid=d27d7b38daf1ce6f0c7f9584680e3c4b6156284668; expires=Fri, 10-Jul-20 12:04:45 GMT; path=/; domain=.<sameweb>.com; HttpOnly vary: Accept-Encoding x-fr24-cache: partial x-powered-by: AB access-control-allow-origin: * access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept x-cache: MISS expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 4f4aa445baf9cbd-SIN content-encoding: br X-Firefox-Spdy: h2

from this 2nd cookies of cfduid, after I checked, it is never stored on sqlite. But 1st cookies of cfduid still on sqlite.

why this is happen? Is firefox or other browser choose what cookies need to be stored? or just from server of the web is the one who responsible to choose to stored on disk or not?

Both cookies, 1st and 2nd have expired on year 2020, so it means "persistent cookies", right?

Note: this web is accessed from non private mode, so both of cookies is belong on non private mode.

thanks in advance.. I'm still learning more about cookies.. ^^

由gabriel_14于修改