Cookies: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
(→‎Firefox: added bullets for Firefox 2 and above and Firefox 1.5, added links)
(→‎Cookie permissions: combine third-party cookies bit)
 
(18 intermediate revisions by 7 users not shown)
Line 1: Line 1:
[http://en.wikipedia.org/wiki/HTTP_cookie Cookies] are small pieces of textual information stored by webpages on your computer. Their many uses include remembering login information and preserving the contents of your basket on shopping sites.  
[http://en.wikipedia.org/wiki/HTTP_cookie Cookies] are small pieces of textual information stored by webpages on your computer. Their many uses include remembering login information and preserving the contents of your basket on shopping sites. Cookies may also pose a privacy risk as they can be used for [[user tracking]] across websites.


==Cookie permissions==
==Cookie permissions==


===Mozilla Suite and SeaMonkey===   
===SeaMonkey===   
Cookie permissions are controlled in "[[Menu differences in Windows, Linux, and Mac|Edit -> Preferences]] -> Privacy & Security -> Cookies".  You can choose to block all cookies, allow all cookies, allow cookies for the originating website only (third-party cookies) or you can allow cookies based on privacy settings. If you allow cookies, you can also select the following retention preferences:  
Overall cookie permissions are controlled in "[[Menu differences in Windows, Linux, and Mac|Edit -> Preferences]] -> Privacy & Security -> Cookies".  You can choose to block all cookies, allow all cookies, or to allow cookies for the originating website only (thus blocking third-party cookies), In SeaMonkey 2.19 and later, third-party cookies can be restricted to allow cookies from previously visited websites only. If you allow cookies, you can also select the following retention preferences:  
*  Accept cookies normally
*  Accept cookies normally
*  Accept for current session only (deletes the cookie the next time you exit your browser).
*  Accept for current session only (deletes the cookie the next time you exit your browser).
*  Accept cookies for __ days
*  Accept cookies for __ days
*  Ask for each cookie (you can limit these warnings by choosing "except for session cookies")  
*  Ask for each cookie (you can limit these warnings by choosing "except for session cookies")  
This has a [Cookie Manager] button that opens the Data Manager to control cookie settings per-site.


====Cookie Manager====
====Per-site cookie management====
The Mozilla Suite/SeaMonkey Cookie Manager (also accessible via "Tools -> Cookie Manager -> Manage Stored Cookies") lets you to view or delete individual cookies ("Stored Cookies" tab) and lets you override basic cookie settings so that you can allow or block cookies for individual sites ("Cookie Sites" tab)
In SeaMonkey 2.x, the [[Data Manager]] lets you view or delete individual cookies for a site ("Cookies") tab and override basic cookie settings so that you can allow or block cookies for individual sites ("Permissions" tab).
You can open Data Manager from the [Cookie Manager] button in Preferences "Privacy & Security -> Cookies" described above and also from the menu item "Tools -> Data Manager".
 
(In SeaMonkey 1.x and the earlier Mozilla Suite the Cookie Manager was a separate panel, accessible via "Tools -> Cookie Manager -> Manage Stored Cookies" and the tabs were named "Stored Cookies" and "Cookie Sites".)


===Firefox===
===Firefox===
Cookie permissions are controlled in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy -> Cookies". You may choose to accept all cookies that websites wish to set or, in Firefox 1.5 and earlier,  you may choose the option to accept cookies "for the originating site only", which will block ''third-party cookies'' that are often set by other companies who advertise on those sites.  
Cookie permissions are controlled in "[[Menu differences in Windows, Linux, and Mac|Tools -> Options]] -> Privacy". You may have to choose "Use custom settings for history" in the "Firefox will:" drop-down menu to see more options. You may choose to accept all cookies that websites wish to set or, in Firefox 3.0 and above,  you may choose to accept or block third-party cookies that are often set by other companies who advertise on those sites.  


In Firefox 2, the option to block third-party cookies (accept cookies "for the originating site only") was removed from the user interface (UI).  [https://bugzilla.mozilla.org/show_bug.cgi?id=349680Users can still block third-party cookies in  [[about:config]], by modifying the preference [[network.cookie.cookieBehavior]] to '''1'''.   (For more information about this setting, see [https://bugzilla.mozilla.org/show_bug.cgi?id=324397 bug 324397] and [https://bugzilla.mozilla.org/show_bug.cgi?id=417800 bug 417800].)
====Third-party cookies====
Starting in Firefox 3, you can block third-party cookies in the user interface, by deselecting (clearing) the option, "Accept third-party cookies".  [https://bugzilla.mozilla.org/show_bug.cgi?id=419596With Firefox 22, a new option is introduced to block third-party cookies from web sites which you haven't explicitly visited before, thus making it harder to employ cross-site [[user tracking]] based on such cookies. [https://bugzilla.mozilla.org/show_bug.cgi?id=818340] The drop-down menu has three options:
* Always - all cookies from websites other than the site you visit are allowed;
* From visited - cookies from third parties are allowed only if you have explicitly visited that site itself before;
* Never - no cookies from websites foreign to the website you currently visit are allowed.


Starting in Firefox 3,  you can again block third-party cookies in the user interface, by deselecting (clearing) the option, "Accept third-party cookies".  [https://bugzilla.mozilla.org/show_bug.cgi?id=419596] 
If you block all third-party cookies, many sites will not work. If you want them to work you have to make an exception (see below) to Allow (or Allow for Session). This will set the site to accept all cookies, including third-party cookies.


====Exceptions list====
====Exceptions list====
As well as the basic permissions above, you may also make blacklists and whitelists using the Exceptions list. The settings in this list override your basic cookie settings, so that you can have stronger control over individual sites that you have manually added to the list. You can choose to allow an individual site to set cookies, or to set "session"  cookies which are deleted once you have closed Firefox, or to stop it from setting cookies at all.
As well as the basic permissions above, in Firefox you may also make blacklists and whitelists using the Exceptions list. The settings in this list override your basic cookie settings, so that you can have stronger control over individual sites that you have manually added to the list. You can choose to allow an individual site to set cookies, or to set "session"  cookies which are deleted once you have closed Firefox, or to stop it from setting cookies at all.
 
SeaMonkey does not have a direct equivalent to Firefox's Exceptions list. Instead you have to struggle with Data Manager's confusing buggy interface ({{bug|770322}}).
# Click Add
# Enter a hostname in the box near the bottom, e.g. <tt>apis.google.com</tt>,
# Select a Type of "Set Cookies" from the dropdown
# Click the new Add button
# Uncheck Use Default
# ''Change the cookie setting from whatever it was (the default) to something else''
# Then change the cookie setting to what you really want, e.g. "Allow".


==If websites report cookies are blocked==
==Websites report cookies are disabled==
If you have set your Mozilla browser to accept cookies but websites are reporting that cookies are being blocked, see if the site is shown as blocked in the Firefox "Exceptions" list (under [[Menu differences in Windows, Linux, and Mac |Tools -> Options]] -> Privacy -> Cookies")  or in the Mozilla Suite/SeaMonkey "Cookie Sites" list (under "Tools -> Cookie Manager -> Manage Stored Cookies") and, if so, remove it from the list.  If you still have problems, read [[Websites report cookies are disabled| this article]].
Some websites will not work properly or will display an error message if cookies are disabled.  If you have set your Mozilla browser to accept cookies but websites are not allowing you to log in or report that cookies are not enabled, are blocked, or are being rejected by your browser, see if the site is shown as blocked in the Firefox "Exceptions" list (under [[Menu differences in Windows, Linux, and Mac |Tools -> Options]] -> Privacy")  or in the Mozilla Suite/SeaMonkey "Cookie Sites" list (under "Tools -> Cookie Manager -> Manage Stored Cookies") and, if so, remove it from the list.  For more information, read [[Websites report cookies are disabled]].


== Removing cookies ==
== Removing cookies ==
Line 31: Line 48:


===Firefox ===
===Firefox ===
*'''Firefox 2 and above:'''  To remove all cookies,  go to "[[Menu differences|Tools -> Options]] -> Privacy / Cookies -> Show Cookies..." and click "Remove All Cookies".  To remove specific cookies, select a cookie from the list, and click "Remove Cookie".   
To remove all cookies,  go to "[[Menu differences|Tools -> Options]] -> Privacy".  In Firefox 3.5, select "Use custom settings for history" in the "Firefox will:" drop-down menu, if another option is shown.  Select "Show Cookies..." and click "Remove All Cookies".  To remove specific cookies, select a cookie from the list, and click "Remove Cookie"
 
To selectively remove more than one cookie in the above dialog  use the  "Ctrl" key to add additional lines to the selection, and/or the "Shift" key to extend a selection,  then "Remove Cookie".  There is a Search bar in the dialog that you can use to search on any string within the cookie, such as a site for example, which would be the preferred method and then selectively remove unwanted cookies from the shortened list.   


*'''Firefox 1.5:'''  To remove all cookies, go to "[[Menu differences|Tools -> Options]] -> Privacy -> Cookies" and click "Clear Cookies Now". To remove specific cookies, click "View Cookies", select a cookie from the list, and click "Remove Cookie.
Sometimes removing the cookies in the Cookie Manager is not sufficient and you need to delete the file that stores cookies in your [[Profile folder - Firefox |Firefox profile folder]] ("cookies.sqlite" in Firefox 3 and above, "cookies.txt" in Firefox 2 or below). See the section, [[#Where are cookies stored|Where are cookies stored]] (below) for more information.


Sometimes removing the cookies in the Cookie Manager is not sufficient and you need to delete the file that stores cookies in your [[Profile folder - Firefox |Firefox profile folder]]  ("cookies.sqlite" in Firefox 3, "cookies.txt" in Firefox 2 or below). See the section, [[#Where are cookies stored|Where are cookies stored]] (below) for more information.
The Torbutton extension interferes with cookie deletion.[https://bugzilla.mozilla.org/show_bug.cgi?id=450850#c2][http://forums.mozillazine.org/viewtopic.php?p=5138125#p5138125]


==Where are cookies stored==
==Where are cookies stored==
Cookie information is stored in two files: [[cookies.txt]] and [[hostperm.1]]. (Older versions used "cookperm.txt" instead of  hostperm.1. [https://bugzilla.mozilla.org/show_bug.cgi?id=219752]) 
Cookie information is stored in the [[profile folder]], in two files. Starting with Firefox 3.0 and SeaMonkey 2.0 the cookie information is stored in the files [[cookies.sqlite]] and [[permissions.sqlite]].  In Firefox 2 or below and Mozilla Suite/SeaMonkey 1.x, cookies are stored in the [[cookies.txt]] file and cookie site permissions are stored in the [[hostperm.1]] file.  
 
Starting in Firefox 3.0 and SeaMonkey 2.0, cookie information is stored in "cookies.sqlite" and "permissions.sqlite".
{| {{prettytable}}
{| {{prettytable}}
! File !! Description
! File !! Description
|-
|-
|valign="top"| [[cookies.txt]] <br> cookies.sqlite || Holds all of your cookies, including login information, session data, and preferences.
|valign="top"| cookies.sqlite <br> cookies.txt || Holds all of your cookies, including login information, session data, and preferences.
|-
|-
|valign="top"| [[hostperm.1]]<br> permissions.sqlite  || Holds preferences about which sites you allow or prohibit to set cookies, to display images, to open popup windows and to initiate extensions installation.
|valign="top"| permissions.sqlite <br> hostperm.1 || Holds preferences about which sites you allow or prohibit to set cookies, to display images, to open popup windows and to initiate extensions installation.
|-  
|-  
|}
|}
Line 56: Line 73:


==External links==
==External links==
* [http://support.mozilla.com/en-US/kb/About+cookies About cookies (Firefox Support)]
* [http://support.mozilla.com/en-US/kb/Cookies About cookies (Firefox Support)]


[[Category:Privacy and security]]
[[Category:Privacy and security]]
[[Category:Privacy and security (Thunderbird)]]
[[Category:Privacy and security (Thunderbird)]]

Latest revision as of 02:25, 23 March 2014

Cookies are small pieces of textual information stored by webpages on your computer. Their many uses include remembering login information and preserving the contents of your basket on shopping sites. Cookies may also pose a privacy risk as they can be used for user tracking across websites.

Cookie permissions

SeaMonkey

Overall cookie permissions are controlled in "Edit -> Preferences -> Privacy & Security -> Cookies". You can choose to block all cookies, allow all cookies, or to allow cookies for the originating website only (thus blocking third-party cookies), In SeaMonkey 2.19 and later, third-party cookies can be restricted to allow cookies from previously visited websites only. If you allow cookies, you can also select the following retention preferences:

  • Accept cookies normally
  • Accept for current session only (deletes the cookie the next time you exit your browser).
  • Accept cookies for __ days
  • Ask for each cookie (you can limit these warnings by choosing "except for session cookies")

This has a [Cookie Manager] button that opens the Data Manager to control cookie settings per-site.

Per-site cookie management

In SeaMonkey 2.x, the Data Manager lets you view or delete individual cookies for a site ("Cookies") tab and override basic cookie settings so that you can allow or block cookies for individual sites ("Permissions" tab). You can open Data Manager from the [Cookie Manager] button in Preferences "Privacy & Security -> Cookies" described above and also from the menu item "Tools -> Data Manager".

(In SeaMonkey 1.x and the earlier Mozilla Suite the Cookie Manager was a separate panel, accessible via "Tools -> Cookie Manager -> Manage Stored Cookies" and the tabs were named "Stored Cookies" and "Cookie Sites".)

Firefox

Cookie permissions are controlled in "Tools -> Options -> Privacy". You may have to choose "Use custom settings for history" in the "Firefox will:" drop-down menu to see more options. You may choose to accept all cookies that websites wish to set or, in Firefox 3.0 and above, you may choose to accept or block third-party cookies that are often set by other companies who advertise on those sites.

Third-party cookies

Starting in Firefox 3, you can block third-party cookies in the user interface, by deselecting (clearing) the option, "Accept third-party cookies". [1] With Firefox 22, a new option is introduced to block third-party cookies from web sites which you haven't explicitly visited before, thus making it harder to employ cross-site user tracking based on such cookies. [2] The drop-down menu has three options:

  • Always - all cookies from websites other than the site you visit are allowed;
  • From visited - cookies from third parties are allowed only if you have explicitly visited that site itself before;
  • Never - no cookies from websites foreign to the website you currently visit are allowed.

If you block all third-party cookies, many sites will not work. If you want them to work you have to make an exception (see below) to Allow (or Allow for Session). This will set the site to accept all cookies, including third-party cookies.

Exceptions list

As well as the basic permissions above, in Firefox you may also make blacklists and whitelists using the Exceptions list. The settings in this list override your basic cookie settings, so that you can have stronger control over individual sites that you have manually added to the list. You can choose to allow an individual site to set cookies, or to set "session" cookies which are deleted once you have closed Firefox, or to stop it from setting cookies at all.

SeaMonkey does not have a direct equivalent to Firefox's Exceptions list. Instead you have to struggle with Data Manager's confusing buggy interface (bug 770322).

  1. Click Add
  2. Enter a hostname in the box near the bottom, e.g. apis.google.com,
  3. Select a Type of "Set Cookies" from the dropdown
  4. Click the new Add button
  5. Uncheck Use Default
  6. Change the cookie setting from whatever it was (the default) to something else
  7. Then change the cookie setting to what you really want, e.g. "Allow".

Websites report cookies are disabled

Some websites will not work properly or will display an error message if cookies are disabled. If you have set your Mozilla browser to accept cookies but websites are not allowing you to log in or report that cookies are not enabled, are blocked, or are being rejected by your browser, see if the site is shown as blocked in the Firefox "Exceptions" list (under Tools -> Options -> Privacy") or in the Mozilla Suite/SeaMonkey "Cookie Sites" list (under "Tools -> Cookie Manager -> Manage Stored Cookies") and, if so, remove it from the list. For more information, read Websites report cookies are disabled.

Removing cookies

Mozilla Suite and SeaMonkey

To remove all cookies go to "Edit -> Preferences -> Privacy & Security -> Cookies -> Cookie Manager -> Stored Cookies (tab)" (or use "Tools -> Cookie Manager -> Manage Stored Cookies") and click "Remove All Cookies". To remove specific cookies, select a cookie from the list and click "Remove Cookie".

Firefox

To remove all cookies, go to "Tools -> Options -> Privacy". In Firefox 3.5, select "Use custom settings for history" in the "Firefox will:" drop-down menu, if another option is shown. Select "Show Cookies..." and click "Remove All Cookies". To remove specific cookies, select a cookie from the list, and click "Remove Cookie".

To selectively remove more than one cookie in the above dialog use the "Ctrl" key to add additional lines to the selection, and/or the "Shift" key to extend a selection, then "Remove Cookie". There is a Search bar in the dialog that you can use to search on any string within the cookie, such as a site for example, which would be the preferred method and then selectively remove unwanted cookies from the shortened list.

Sometimes removing the cookies in the Cookie Manager is not sufficient and you need to delete the file that stores cookies in your Firefox profile folder ("cookies.sqlite" in Firefox 3 and above, "cookies.txt" in Firefox 2 or below). See the section, Where are cookies stored (below) for more information.

The Torbutton extension interferes with cookie deletion.[3][4]

Where are cookies stored

Cookie information is stored in the profile folder, in two files. Starting with Firefox 3.0 and SeaMonkey 2.0 the cookie information is stored in the files cookies.sqlite and permissions.sqlite. In Firefox 2 or below and Mozilla Suite/SeaMonkey 1.x, cookies are stored in the cookies.txt file and cookie site permissions are stored in the hostperm.1 file.

File Description
cookies.sqlite
cookies.txt
Holds all of your cookies, including login information, session data, and preferences.
permissions.sqlite
hostperm.1
Holds preferences about which sites you allow or prohibit to set cookies, to display images, to open popup windows and to initiate extensions installation.

See also

External links