Blocking/Allowing Cookies

If I block all cookies (Preferences/Privacy & Security\Cookies/
Block cookies), then allow session cookies from https://aaa.bbb
(in chrome://communicator/content/permissions/cookieViewer.xul),
are session cookies allowed from https://xxx.aaa.bbb?
0
xxyyz
8/4/2018 5:09:10 PM
mozilla.support.seamonkey

On 8/4/2018 10:09 AM, xxyyz wrote:
> If I block all cookies (Preferences/Privacy & Security\Cookies/
> Block cookies), then allow session cookies from https://aaa.bbb
> (in chrome://communicator/content/permissions/cookieViewer.xul),
> are session cookies allowed from https://xxx.aaa.bbb?
> 

I use the following strategy.  I do not block all cookies.  Instead, I
allow cookies only from the domain of the Web site I requested.  I have
also blocked cookies from selected Web sites, primarily advertising
sites that might have cookies set by my select Web sites.

The key is that I located the file cookies.sqlite in my profile and
marked it as read-only.  All the cookies that get set as I surf the Web
are lost as soon as I terminate SeaMonkey.  That is, all of those
cookies are treated as session-only.

Sometimes, however, I want to keep a cookie.  Fortunately, that does not
often happen because the process is somewhat cumbersome.  To see my
process, go to <http://www.rossde.com/internet/cookies.html#doabout>.

-- 
David E. Ross
<http://www.rossde.com>

Too often, Twitter is a source of verbal vomit.  Examples include Donald
Trump and Roseanne Barr.
0
David
8/4/2018 6:32:30 PM
On 2018-08-04 2:32 PM, David E. Ross wrote:
> On 8/4/2018 10:09 AM, xxyyz wrote:
>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>> Block cookies), then allow session cookies from https://aaa.bbb
>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>> are session cookies allowed from https://xxx.aaa.bbb?
>>
> 
> I use the following strategy.  I do not block all cookies.  Instead, I
> allow cookies only from the domain of the Web site I requested.  I have
> also blocked cookies from selected Web sites, primarily advertising
> sites that might have cookies set by my select Web sites.
> 
> The key is that I located the file cookies.sqlite in my profile and
> marked it as read-only.  All the cookies that get set as I surf the Web
> are lost as soon as I terminate SeaMonkey.  That is, all of those
> cookies are treated as session-only.
> 
> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
> often happen because the process is somewhat cumbersome.  To see my
> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
> 
Thank you for the response - but I'm asking a very basic question:
Does allowing cookies from a specific site allow cookies from 
"subsidiary" sites?  Same question when blocking cookies.
0
xxyyz
8/7/2018 5:00:16 PM
xxyyz wrote:
> On 2018-08-04 2:32 PM, David E. Ross wrote:
>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>> Block cookies), then allow session cookies from https://aaa.bbb
>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>
>>
>> I use the following strategy.  I do not block all cookies.  Instead, I
>> allow cookies only from the domain of the Web site I requested.  I have
>> also blocked cookies from selected Web sites, primarily advertising
>> sites that might have cookies set by my select Web sites.
>>
>> The key is that I located the file cookies.sqlite in my profile and
>> marked it as read-only.  All the cookies that get set as I surf the Web
>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>> cookies are treated as session-only.
>>
>> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
>> often happen because the process is somewhat cumbersome.  To see my
>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>
> Thank you for the response - but I'm asking a very basic question:
> Does allowing cookies from a specific site allow cookies from 
> "subsidiary" sites?  Same question when blocking cookies.

If you allow cookies from the second level domain, then they would be 
allowed from one of its specific third level domains as well.

0
EE
8/8/2018 6:01:48 PM
On 8/7/2018 12:00 PM, xxyyz wrote:
> On 2018-08-04 2:32 PM, David E. Ross wrote:
>> 
> Thank you for the response - but I'm asking a very basic question:
> Does allowing cookies from a specific site allow cookies from 
> "subsidiary" sites?  Same question when blocking cookies.

It depends on how the cookie is created.  From 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:

Domain=<domain-value> Optional
     Specifies those hosts to which the cookie will be sent. If not 
specified, defaults to the host portion of the current document location 
(but not including subdomains). Contrary to earlier specifications, 
leading dots in domain names are ignored. If a domain is specified, 
subdomains are always included.

If you allow cookies from yyy.zzz and a cookie is created without the 
optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
They ARE allowed if the Domain is specified.

Lem Johnson
0
Lemuel
8/8/2018 6:10:34 PM
On 2018-08-08 2:10 PM, Lemuel Johnson wrote:
> On 8/7/2018 12:00 PM, xxyyz wrote:
>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>
>> Thank you for the response - but I'm asking a very basic question:
>> Does allowing cookies from a specific site allow cookies from 
>> "subsidiary" sites?  Same question when blocking cookies.
> 
> It depends on how the cookie is created.  From 
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:
> 
> Domain=<domain-value> Optional
>      Specifies those hosts to which the cookie will be sent. If not 
> specified, defaults to the host portion of the current document location 
> (but not including subdomains). Contrary to earlier specifications, 
> leading dots in domain names are ignored. If a domain is specified, 
> subdomains are always included.
> 
> If you allow cookies from yyy.zzz and a cookie is created without the 
> optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
> They ARE allowed if the Domain is specified.
> 
> Lem Johnson
Thank you.  I think I understand this.

Another question (sort of the previous one in reverse):
If I block all cookies and allow cookies from https://aaa.xxx.yyy,
are cookies from https://xxx.yyy allowed?  I assumed not, but I've
seen several cases where Cookie Manager lists cookies from the
latter.  Does this also depend on whether or not the Domain is
specified in the cookie?

0
xxyyz
8/9/2018 12:32:35 AM
On 2018-08-08 2:01 PM, EE wrote:
> xxyyz wrote:
>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>
>>>
>>> I use the following strategy.  I do not block all cookies.  Instead, I
>>> allow cookies only from the domain of the Web site I requested.  I have
>>> also blocked cookies from selected Web sites, primarily advertising
>>> sites that might have cookies set by my select Web sites.
>>>
>>> The key is that I located the file cookies.sqlite in my profile and
>>> marked it as read-only.  All the cookies that get set as I surf the Web
>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>> cookies are treated as session-only.
>>>
>>> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
>>> often happen because the process is somewhat cumbersome.  To see my
>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>
>> Thank you for the response - but I'm asking a very basic question:
>> Does allowing cookies from a specific site allow cookies from 
>> "subsidiary" sites?  Same question when blocking cookies.
> 
> If you allow cookies from the second level domain, then they would be 
> allowed from one of its specific third level domains as well.
> 
Thank you.  Does the reverse apply - i.e. if I allow cookies from a
specific third level domain, are they allowed from the second level
domain?
0
xxyyz
8/9/2018 12:36:55 AM
On 8/8/2018 7:32 PM, xxyyz wrote:
> On 2018-08-08 2:10 PM, Lemuel Johnson wrote:
>> On 8/7/2018 12:00 PM, xxyyz wrote:
>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>
>>> Thank you for the response - but I'm asking a very basic question:
>>> Does allowing cookies from a specific site allow cookies from 
>>> "subsidiary" sites?  Same question when blocking cookies.
>>
>> It depends on how the cookie is created.  From 
>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:
>>
>> Domain=<domain-value> Optional
>>      Specifies those hosts to which the cookie will be sent. If not 
>> specified, defaults to the host portion of the current document 
>> location (but not including subdomains). Contrary to earlier 
>> specifications, leading dots in domain names are ignored. If a domain 
>> is specified, subdomains are always included.
>>
>> If you allow cookies from yyy.zzz and a cookie is created without the 
>> optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
>> They ARE allowed if the Domain is specified.
>>
>> Lem Johnson
> Thank you.  I think I understand this.
> 
> Another question (sort of the previous one in reverse):
> If I block all cookies and allow cookies from https://aaa.xxx.yyy,
> are cookies from https://xxx.yyy allowed?  I assumed not, but I've
> seen several cases where Cookie Manager lists cookies from the
> latter.  Does this also depend on whether or not the Domain is
> specified in the cookie?
> 

A useful tool for evaluating the options:
https://scripts.cmbuckley.co.uk/cookies.php

Lem Johnson
0
Lemuel
8/9/2018 6:28:05 PM
xxyyz wrote:
> On 2018-08-08 2:01 PM, EE wrote:
>> xxyyz wrote:
>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>
>>>>
>>>> I use the following strategy.  I do not block all cookies.  Instead, I
>>>> allow cookies only from the domain of the Web site I requested.  I have
>>>> also blocked cookies from selected Web sites, primarily advertising
>>>> sites that might have cookies set by my select Web sites.
>>>>
>>>> The key is that I located the file cookies.sqlite in my profile and
>>>> marked it as read-only.  All the cookies that get set as I surf the Web
>>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>>> cookies are treated as session-only.
>>>>
>>>> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
>>>> often happen because the process is somewhat cumbersome.  To see my
>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>
>>> Thank you for the response - but I'm asking a very basic question:
>>> Does allowing cookies from a specific site allow cookies from 
>>> "subsidiary" sites?  Same question when blocking cookies.
>>
>> If you allow cookies from the second level domain, then they would be 
>> allowed from one of its specific third level domains as well.
>>
> Thank you.  Does the reverse apply - i.e. if I allow cookies from a
> specific third level domain, are they allowed from the second level
> domain?

No, not normally, unless you use a cookie handling extension that 
specifically allows that.  For my part, there is no way I want that to 
happen with a big domain.

0
EE
8/9/2018 7:08:49 PM
On 2018-08-09 3:08 PM, EE wrote:
> xxyyz wrote:
>> On 2018-08-08 2:01 PM, EE wrote:
>>> xxyyz wrote:
>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>>
>>>>>
>>>>> I use the following strategy.  I do not block all cookies.  Instead, I
>>>>> allow cookies only from the domain of the Web site I requested.  I 
>>>>> have
>>>>> also blocked cookies from selected Web sites, primarily advertising
>>>>> sites that might have cookies set by my select Web sites.
>>>>>
>>>>> The key is that I located the file cookies.sqlite in my profile and
>>>>> marked it as read-only.  All the cookies that get set as I surf the 
>>>>> Web
>>>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>>>> cookies are treated as session-only.
>>>>>
>>>>> Sometimes, however, I want to keep a cookie.  Fortunately, that 
>>>>> does not
>>>>> often happen because the process is somewhat cumbersome.  To see my
>>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>>
>>>> Thank you for the response - but I'm asking a very basic question:
>>>> Does allowing cookies from a specific site allow cookies from 
>>>> "subsidiary" sites?  Same question when blocking cookies.
>>>
>>> If you allow cookies from the second level domain, then they would be 
>>> allowed from one of its specific third level domains as well.
>>>
>> Thank you.  Does the reverse apply - i.e. if I allow cookies from a
>> specific third level domain, are they allowed from the second level
>> domain?
> 
> No, not normally, unless you use a cookie handling extension that 
> specifically allows that.  For my part, there is no way I want that to 
> happen with a big domain.
> 
Thank you.  That's what I thought, but
(a) I have no extensions (except AB+)
(b) I have all cookies blocked in preferences
(c) I allow session cookies from accounts.google.com and mail.google.com
(to occasionally access my one gmail account) in cookie manager
(d) When I access the gmail account via webmail, cookie manager shows
cookies from accounts.google.com and mail.google.com AND google.com??
0
xxyyz
8/10/2018 1:55:04 AM
On 2018-08-09 2:28 PM, Lemuel Johnson wrote:
> On 8/8/2018 7:32 PM, xxyyz wrote:
>> On 2018-08-08 2:10 PM, Lemuel Johnson wrote:
>>> On 8/7/2018 12:00 PM, xxyyz wrote:
>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>>
>>>> Thank you for the response - but I'm asking a very basic question:
>>>> Does allowing cookies from a specific site allow cookies from 
>>>> "subsidiary" sites?  Same question when blocking cookies.
>>>
>>> It depends on how the cookie is created.  From 
>>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:
>>>
>>> Domain=<domain-value> Optional
>>>      Specifies those hosts to which the cookie will be sent. If not 
>>> specified, defaults to the host portion of the current document 
>>> location (but not including subdomains). Contrary to earlier 
>>> specifications, leading dots in domain names are ignored. If a domain 
>>> is specified, subdomains are always included.
>>>
>>> If you allow cookies from yyy.zzz and a cookie is created without the 
>>> optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
>>> They ARE allowed if the Domain is specified.
>>>
>>> Lem Johnson
>> Thank you.  I think I understand this.
>>
>> Another question (sort of the previous one in reverse):
>> If I block all cookies and allow cookies from https://aaa.xxx.yyy,
>> are cookies from https://xxx.yyy allowed?  I assumed not, but I've
>> seen several cases where Cookie Manager lists cookies from the
>> latter.  Does this also depend on whether or not the Domain is
>> specified in the cookie?
>>
> 
> A useful tool for evaluating the options:
> https://scripts.cmbuckley.co.uk/cookies.php
> 
> Lem Johnson
Thank you, but I must be getting old as I could not figure out how to
use the tool.
0
xxyyz
8/10/2018 1:56:45 AM
For some more insight into how the permission API operates these days:

https://bugzilla.mozilla.org/show_bug.cgi?id=1479347

FRG
EE wrote:
> xxyyz wrote:
>> On 2018-08-08 2:01 PM, EE wrote:
>>> xxyyz wrote:
>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>>
>>>>>
>>>>> I use the following strategy.  I do not block all cookies.  Instead, I
>>>>> allow cookies only from the domain of the Web site I requested.  I 
>>>>> have
>>>>> also blocked cookies from selected Web sites, primarily advertising
>>>>> sites that might have cookies set by my select Web sites.
>>>>>
>>>>> The key is that I located the file cookies.sqlite in my profile and
>>>>> marked it as read-only.  All the cookies that get set as I surf the 
>>>>> Web
>>>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>>>> cookies are treated as session-only.
>>>>>
>>>>> Sometimes, however, I want to keep a cookie.  Fortunately, that 
>>>>> does not
>>>>> often happen because the process is somewhat cumbersome.  To see my
>>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>>
>>>> Thank you for the response - but I'm asking a very basic question:
>>>> Does allowing cookies from a specific site allow cookies from 
>>>> "subsidiary" sites?  Same question when blocking cookies.
>>>
>>> If you allow cookies from the second level domain, then they would be 
>>> allowed from one of its specific third level domains as well.
>>>
>> Thank you.  Does the reverse apply - i.e. if I allow cookies from a
>> specific third level domain, are they allowed from the second level
>> domain?
> 
> No, not normally, unless you use a cookie handling extension that 
> specifically allows that.  For my part, there is no way I want that to 
> happen with a big domain.
> 

0
kakak
9/14/2018 2:49:12 PM
Thank you for the link, FRG.  I don't use the DM, nor the "Don't
allow websites that set removed cookies to set future cookies", so
I don't think the bug discussions apply.

I did, however, figure out the answer to my second question - if I
block all cookies, then allow them from e.g. https://aaa.bbb.ccc,
cookies from https://bbb.ccc are blocked, but aaa.bbb.ccc can set
cookies that say the domain is bbb.ccc - does that make sense?

On 2018-09-14 10:49 AM, kakak wrote:
> For some more insight how the permission api operates these days:
> 
> https://bugzilla.mozilla.org/show_bug.cgi?id=1479347
> 
> FRG
> EE wrote:
>> xxyyz wrote:
>>> On 2018-08-08 2:01 PM, EE wrote:
>>>> xxyyz wrote:
>>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>>>
>>>>>>
>>>>>> I use the following strategy.  I do not block all cookies.  
>>>>>> Instead, I
>>>>>> allow cookies only from the domain of the Web site I requested.  I 
>>>>>> have
>>>>>> also blocked cookies from selected Web sites, primarily advertising
>>>>>> sites that might have cookies set by my select Web sites.
>>>>>>
>>>>>> The key is that I located the file cookies.sqlite in my profile and
>>>>>> marked it as read-only.  All the cookies that get set as I surf 
>>>>>> the Web
>>>>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>>>>> cookies are treated as session-only.
>>>>>>
>>>>>> Sometimes, however, I want to keep a cookie.  Fortunately, that 
>>>>>> does not
>>>>>> often happen because the process is somewhat cumbersome.  To see my
>>>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>>>
>>>>> Thank you for the response - but I'm asking a very basic question:
>>>>> Does allowing cookies from a specific site allow cookies from 
>>>>> "subsidiary" sites?  Same question when blocking cookies.
>>>>
>>>> If you allow cookies from the second level domain, then they would 
>>>> be allowed from one of its specific third level domains as well.
>>>>
>>> Thank you.  Does the reverse apply - i.e. if I allow cookies from a
>>> specific third level domain, are they allowed from the second level
>>> domain?
>>
>> No, not normally, unless you use a cookie handling extension that 
>> specifically allows that.  For my part, there is no way I want that to 
>> happen with a big domain.
>>
> 

0
xxyyz
9/15/2018 3:48:45 AM
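
The Domain rule quoted from MDN in Lem Johnson's reply and the behaviour xxyyz describes in the post above (aaa.bbb.ccc setting a cookie whose domain is bbb.ccc), as an added example that is not part of the thread and not SeaMonkey's code. It is a simplified RFC 6265 model; the function names are hypothetical, and the exact-host allow-list is an assumption standing in for the browser's permission check.

```javascript
// Added example, not SeaMonkey code. Simplified RFC 6265 model: no
// public-suffix check, no Path/Secure/expiry handling. Host names are the
// placeholders used in the thread.

// RFC 6265 section 5.1.3 domain-match (IP-address exclusion omitted).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Return the Domain attribute of a Set-Cookie value, or null if absent.
// A leading dot is ignored; the last Domain attribute wins.
function parseDomainAttr(setCookie) {
  let domain = null;
  for (const part of setCookie.split(";").slice(1)) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim().toLowerCase() !== "domain") continue;
    const value = part.slice(eq + 1).trim().replace(/^\./, "").toLowerCase();
    if (value !== "") domain = value;
  }
  return domain;
}

// Assumption: allowList is a Set of exact host names permitted to set
// cookies. It is checked against the host that sent Set-Cookie, not
// against the Domain the cookie claims.
function storeCookie(requestHost, setCookie, allowList) {
  const host = requestHost.toLowerCase();
  if (!allowList.has(host)) {
    return { stored: false, reason: "setting host not on allow-list" };
  }
  const domainAttr = parseDomainAttr(setCookie);
  if (domainAttr === null) {
    // No Domain attribute: host-only cookie, subdomains excluded.
    return { stored: true, domain: host, hostOnly: true };
  }
  if (!domainMatch(host, domainAttr)) {
    // A host may only name itself or one of its parent domains.
    return { stored: false, reason: "Domain does not cover the setting host" };
  }
  // Domain given: stored under that domain, so a cookie manager lists it
  // under the parent even though only the subdomain was allowed.
  return { stored: true, domain: domainAttr, hostOnly: false };
}

// Would this stored cookie be sent on a request to `host`?
function sentTo(cookie, host) {
  if (!cookie.stored) return false;
  host = host.toLowerCase();
  return cookie.hostOnly
    ? host === cookie.domain
    : domainMatch(host, cookie.domain);
}

// The thread's scenario: everything blocked except aaa.bbb.ccc.
function runThreadScenario() {
  const allow = new Set(["aaa.bbb.ccc"]);
  return {
    hostOnly: storeCookie("aaa.bbb.ccc", "sid=1; Path=/", allow),
    widened: storeCookie("aaa.bbb.ccc", "sid=2; Domain=.bbb.ccc", allow),
    fromParent: storeCookie("bbb.ccc", "sid=3", allow),
    sibling: storeCookie("aaa.bbb.ccc", "sid=4; Domain=zzz.bbb.ccc", allow),
  };
}

const scenario = runThreadScenario();
for (const [label, result] of Object.entries(scenario)) {
  console.log(label, JSON.stringify(result));
}
```

A real browser additionally refuses a Domain value that is a public suffix, which this model leaves out.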
xxyyz wrote:
> Thank you for the link, FRG.  I don't use the DM, nor the "Don't
> allow websites that set removed cookies to set future cookies", so
> I don't think the bug discussions apply.
> 
> I did, however, figure out the answer to my second question - if I
> block all cookies, then allow them from e.g. https://aaa.bbb.ccc,
> cookies from https://bbb.ccc are blocked, but aaa.bbb.ccc can set
> cookies that say the domain is bbb.ccc - does that make sense?
> 
> On 2018-09-14 10:49 AM, kakak wrote:
>> For some more insight how the permission api operates these days:
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1479347
>>
>> FRG
>> EE wrote:
>>> xxyyz wrote:
>>>> On 2018-08-08 2:01 PM, EE wrote:
>>>>> xxyyz wrote:
>>>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>>>>
>>>>>>>
>>>>>>> I use the following strategy.  I do not block all cookies. Instead, I
>>>>>>> allow cookies only from the domain of the Web site I requested.  I have
>>>>>>> also blocked cookies from selected Web sites, primarily advertising
>>>>>>> sites that might have cookies set by my select Web sites.
>>>>>>>
>>>>>>> The key is that I located the file cookies.sqlite in my profile and
>>>>>>> marked it as read-only.  All the cookies that get set as I surf the Web
>>>>>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>>>>>> cookies are treated as session-only.
>>>>>>>
>>>>>>> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
>>>>>>> often happen because the process is somewhat cumbersome.  To see my
>>>>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>>>>
>>>>>> Thank you for the response - but I'm asking a very basic question:
>>>>>> Does allowing cookies from a specific site allow cookies from "subsidiary" 
>>>>>> sites?  Same question when blocking cookies.
>>>>>
>>>>> If you allow cookies from the second level domain, then they would be 
>>>>> allowed from one of its specific third level domains as well.
>>>>>
>>>> Thank you.  Does the reverse apply - i.e. if I allow cookies from a
>>>> specific third level domain, are they allowed from the second level
>>>> domain?
>>>
>>> No, not normally, unless you use a cookie handling extension that 
>>> specifically allows that.  For my part, there is no way I want that to happen 
>>> with a big domain.
>>>
>>
> 

I didn't sleep this night

-- 
https://facebook.com/gerardjan.vinkesteijn
Karl's version of Parkinson's Law:  Work expands to exceed the time allotted it.

Fedora20
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 
SeaMonkey/2.49.4
Build identifier: 20180711183816

ps. family: https://vinkesteijn.com
0
GerardJan
9/15/2018 4:48:32 AM
The Data Manager just uses the permission manager. So the same limitations and 
same principal policy generally applies e.g. http://test.com will block only 
unsecure cookie requests from test.com not from the domain and so on.

FRG

xxyyz wrote:
> Thank you for the link, FRG.  I don't use the DM, nor the "Don't
> allow websites that set removed cookies to set future cookies", so
> I don't think the bug discussions apply.
> 
> I did, however, figure out the answer to my second question - if I
> block all cookies, then allow them from e.g. https://aaa.bbb.ccc,
> cookies from https://bbb.ccc are blocked, but aaa.bbb.ccc can set
> cookies that say the domain is bbb.ccc - does that make sense?
> 
> On 2018-09-14 10:49 AM, kakak wrote:
>> For some more insight how the permission api operates these days:
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1479347
>>
>> FRG
>> EE wrote:
>>> xxyyz wrote:
>>>> On 2018-08-08 2:01 PM, EE wrote:
>>>>> xxyyz wrote:
>>>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>>>>
>>>>>>>
>>>>>>> I use the following strategy.  I do not block all cookies. Instead, I
>>>>>>> allow cookies only from the domain of the Web site I requested.  I have
>>>>>>> also blocked cookies from selected Web sites, primarily advertising
>>>>>>> sites that might have cookies set by my select Web sites.
>>>>>>>
>>>>>>> The key is that I located the file cookies.sqlite in my profile and
>>>>>>> marked it as read-only.  All the cookies that get set as I surf the Web
>>>>>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>>>>>> cookies are treated as session-only.
>>>>>>>
>>>>>>> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
>>>>>>> often happen because the process is somewhat cumbersome.  To see my
>>>>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>>>>
>>>>>> Thank you for the response - but I'm asking a very basic question:
>>>>>> Does allowing cookies from a specific site allow cookies from 
>>>>>> "subsidiary" sites?  Same question when blocking cookies.
>>>>>
>>>>> If you allow cookies from the second level domain, then they would be 
>>>>> allowed from one of its specific third level domains as well.
>>>>>
>>>> Thank you.  Does the reverse apply - i.e. if I allow cookies from a
>>>> specific third level domain, are they allowed from the second level
>>>> domain?
>>>
>>> No, not normally, unless you use a cookie handling extension that 
>>> specifically allows that.  For my part, there is no way I want that to 
>>> happen with a big domain.
>>>
>>
> 

0
Frank
9/16/2018 4:15:26 PM