Blocking/Allowing Cookies

If I block all cookies (Preferences/Privacy & Security\Cookies/
Block cookies), then allow session cookies from https://aaa.bbb
(in chrome://communicator/content/permissions/cookieViewer.xul),
are session cookies allowed from https://xxx.aaa.bbb?
0
xxyyz
8/4/2018 5:09:10 PM
mozilla.support.seamonkey 12906 articles. 0 followers. Post Follow

10 Replies
24 Views

Similar Articles

[PageSpeed] 54

On 8/4/2018 10:09 AM, xxyyz wrote:
> If I block all cookies (Preferences/Privacy & Security\Cookies/
> Block cookies), then allow session cookies from https://aaa.bbb
> (in chrome://communicator/content/permissions/cookieViewer.xul),
> are session cookies allowed from https://xxx.aaa.bbb?
> 

I use the following strategy.  I do not block all cookies.  Instead, I
allow cookies only from the domain of the Web site I requested.  I have
also blocked cookies from selected Web sites, primarily advertising
sites that might have cookies set by my select Web sites.

The key is that I located the file cookies.sqlite in my profile and
marked it as read-only.  All the cookies that get set as I surf the Web
are lost as soon as I terminate SeaMonkey.  That is, all of those
cookies are treated as session-only.

Sometimes, however, I want to keep a cookie.  Fortunately, that does not
often happen because the process is somewhat cumbersome.  To see my
process, go to <http://www.rossde.com/internet/cookies.html#doabout>.

-- 
David E. Ross
<http://www.rossde.com>

Too often, Twitter is a source of verbal vomit.  Examples include Donald
Trump and Roseanne Barr.
0
David
8/4/2018 6:32:30 PM
On 2018-08-04 2:32 PM, David E. Ross wrote:
> On 8/4/2018 10:09 AM, xxyyz wrote:
>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>> Block cookies), then allow session cookies from https://aaa.bbb
>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>> are session cookies allowed from https://xxx.aaa.bbb?
>>
> 
> I use the following strategy.  I do not block all cookies.  Instead, I
> allow cookies only from the domain of the Web site I requested.  I have
> also blocked cookies from selected Web sites, primarily advertising
> sites that might have cookies set by my select Web sites.
> 
> The key is that I located the file cookies.sqlite in my profile and
> marked it as read-only.  All the cookies that get set as I surf the Web
> are lost as soon as I terminate SeaMonkey.  That is, all of those
> cookies are treated as session-only.
> 
> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
> often happen because the process is somewhat cumbersome.  To see my
> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
> 
Thank you for the response - but I'm asking a very basic question:
Does allowing cookies from a specific site allow cookies from 
"subsidiary" sites?  Same question when blocking cookies.
0
xxyyz
8/7/2018 5:00:16 PM
xxyyz wrote:
> On 2018-08-04 2:32 PM, David E. Ross wrote:
>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>> Block cookies), then allow session cookies from https://aaa.bbb
>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>
>>
>> I use the following strategy.� I do not block all cookies.� Instead, I
>> allow cookies only from the domain of the Web site I requested.� I have
>> also blocked cookies from selected Web sites, primarily advertising
>> sites that might have cookies set by my select Web sites.
>>
>> The key is that I located the file cookies.sqlite in my profile and
>> marked it as read-only.� All the cookies that get set as I surf the Web
>> are lost as soon as I terminate SeaMonkey.� That is, all of those
>> cookies are treated as session-only.
>>
>> Sometimes, however, I want to keep a cookie.� Fortunately, that does not
>> often happen because the process is somewhat cumbersome.� To see my
>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>
> Thank you for the response - but I'm asking a very basic question:
> Does allowing cookies from a specific site allow cookies from 
> "subsidiary" sites?� Same question when blocking cookies.

If you allow cookies from the second level domain, then they would be 
allowed from one of its specific third level domains as well.

0
EE
8/8/2018 6:01:48 PM
On 8/7/2018 12:00 PM, xxyyz wrote:
> On 2018-08-04 2:32 PM, David E. Ross wrote:
>> 
> Thank you for the response - but I'm asking a very basic question:
> Does allowing cookies from a specific site allow cookies from 
> "subsidiary" sites?  Same question when blocking cookies.

It depends on how the cookie is created.  From 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:

Domain=<domain-value> Optional
     Specifies those hosts to which the cookie will be sent. If not 
specified, defaults to the host portion of the current document location 
(but not including subdomains). Contrary to earlier specifications, 
leading dots in domain names are ignored. If a domain is specified, 
subdomains are always included.

If you allow cookies from yyy.zzz and a cookie is created without the 
optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
They ARE allowed if the Domain is specified.

Lem Johnson
0
Lemuel
8/8/2018 6:10:34 PM
On 2018-08-08 2:10 PM, Lemuel Johnson wrote:
> On 8/7/2018 12:00 PM, xxyyz wrote:
>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>
>> Thank you for the response - but I'm asking a very basic question:
>> Does allowing cookies from a specific site allow cookies from 
>> "subsidiary" sites?  Same question when blocking cookies.
> 
> It depends on how the cookie is created.  From 
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:
> 
> Domain=<domain-value> Optional
>      Specifies those hosts to which the cookie will be sent. If not 
> specified, defaults to the host portion of the current document location 
> (but not including subdomains). Contrary to earlier specifications, 
> leading dots in domain names are ignored. If a domain is specified, 
> subdomains are always included.
> 
> If you allow cookies from yyy.zzz and a cookie is created without the 
> optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
> They ARE allowed if the Domain is specified.
> 
> Lem Johnson
Thank you.  I think I understand this.

Another question (sort of the previous one in reverse):
If I block all cookies and allow cookies from https://aaa.xxx.yyy,
are cookies from https://xxx.yyy allowed?  I assumed not, but I've
seen several cases where Cookie Manager lists cookies from the
latter.  Does this also depend on whether or not the Domain is
specified in the cookie?

0
xxyyz
8/9/2018 12:32:35 AM
On 2018-08-08 2:01 PM, EE wrote:
> xxyyz wrote:
>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>
>>>
>>> I use the following strategy.  I do not block all cookies.  Instead, I
>>> allow cookies only from the domain of the Web site I requested.  I have
>>> also blocked cookies from selected Web sites, primarily advertising
>>> sites that might have cookies set by my select Web sites.
>>>
>>> The key is that I located the file cookies.sqlite in my profile and
>>> marked it as read-only.  All the cookies that get set as I surf the Web
>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>> cookies are treated as session-only.
>>>
>>> Sometimes, however, I want to keep a cookie.  Fortunately, that does not
>>> often happen because the process is somewhat cumbersome.  To see my
>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>
>> Thank you for the response - but I'm asking a very basic question:
>> Does allowing cookies from a specific site allow cookies from 
>> "subsidiary" sites?  Same question when blocking cookies.
> 
> If you allow cookies from the second level domain, then they would be 
> allowed from one of its specific third level domains as well.
> 
Thank you.  Does the reverse apply - i.e. if I allow cookies from a
specific third level domain, are they allowed from the second level
domain?
0
xxyyz
8/9/2018 12:36:55 AM
On 8/8/2018 7:32 PM, xxyyz wrote:
> On 2018-08-08 2:10 PM, Lemuel Johnson wrote:
>> On 8/7/2018 12:00 PM, xxyyz wrote:
>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>
>>> Thank you for the response - but I'm asking a very basic question:
>>> Does allowing cookies from a specific site allow cookies from 
>>> "subsidiary" sites?  Same question when blocking cookies.
>>
>> It depends on how the cookie is created.  From 
>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:
>>
>> Domain=<domain-value> Optional
>>      Specifies those hosts to which the cookie will be sent. If not 
>> specified, defaults to the host portion of the current document 
>> location (but not including subdomains). Contrary to earlier 
>> specifications, leading dots in domain names are ignored. If a domain 
>> is specified, subdomains are always included.
>>
>> If you allow cookies from yyy.zzz and a cookie is created without the 
>> optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
>> They ARE allowed if the Domain is specified.
>>
>> Lem Johnson
> Thank you.  I think I understand this.
> 
> Another question (sort of the previous one in reverse):
> If I block all cookies and allow cookies from https://aaa.xxx.yyy,
> are cookies from https://xxx.yyy allowed?  I assumed not, but I've
> seen several cases where Cookie Manager lists cookies from the
> latter.  Does this also depend on whether or not the Domain is
> specified in the cookie?
> 

A useful tool for evaluating the options:
https://scripts.cmbuckley.co.uk/cookies.php

Lem Johnson
0
Lemuel
8/9/2018 6:28:05 PM
xxyyz wrote:
> On 2018-08-08 2:01 PM, EE wrote:
>> xxyyz wrote:
>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>
>>>>
>>>> I use the following strategy.� I do not block all cookies.� Instead, I
>>>> allow cookies only from the domain of the Web site I requested.� I have
>>>> also blocked cookies from selected Web sites, primarily advertising
>>>> sites that might have cookies set by my select Web sites.
>>>>
>>>> The key is that I located the file cookies.sqlite in my profile and
>>>> marked it as read-only.� All the cookies that get set as I surf the Web
>>>> are lost as soon as I terminate SeaMonkey.� That is, all of those
>>>> cookies are treated as session-only.
>>>>
>>>> Sometimes, however, I want to keep a cookie.� Fortunately, that does 
>>>> not
>>>> often happen because the process is somewhat cumbersome.� To see my
>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>
>>> Thank you for the response - but I'm asking a very basic question:
>>> Does allowing cookies from a specific site allow cookies from 
>>> "subsidiary" sites?� Same question when blocking cookies.
>>
>> If you allow cookies from the second level domain, then they would be 
>> allowed from one of its specific third level domains as well.
>>
> Thank you.� Does the reverse apply - i.e. if I allow cookies from a
> specific third level domain, are they allowed from the second level
> domain?

No, not normally, unless you use a cookie handling extension that 
specifically allows that.  For my part, there is no way I want that to 
happen with a big domain.

0
EE
8/9/2018 7:08:49 PM
On 2018-08-09 3:08 PM, EE wrote:
> xxyyz wrote:
>> On 2018-08-08 2:01 PM, EE wrote:
>>> xxyyz wrote:
>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>> On 8/4/2018 10:09 AM, xxyyz wrote:
>>>>>> If I block all cookies (Preferences/Privacy & Security\Cookies/
>>>>>> Block cookies), then allow session cookies from https://aaa.bbb
>>>>>> (in chrome://communicator/content/permissions/cookieViewer.xul),
>>>>>> are session cookies allowed from https://xxx.aaa.bbb?
>>>>>>
>>>>>
>>>>> I use the following strategy.  I do not block all cookies.  Instead, I
>>>>> allow cookies only from the domain of the Web site I requested.  I 
>>>>> have
>>>>> also blocked cookies from selected Web sites, primarily advertising
>>>>> sites that might have cookies set by my select Web sites.
>>>>>
>>>>> The key is that I located the file cookies.sqlite in my profile and
>>>>> marked it as read-only.  All the cookies that get set as I surf the 
>>>>> Web
>>>>> are lost as soon as I terminate SeaMonkey.  That is, all of those
>>>>> cookies are treated as session-only.
>>>>>
>>>>> Sometimes, however, I want to keep a cookie.  Fortunately, that 
>>>>> does not
>>>>> often happen because the process is somewhat cumbersome.  To see my
>>>>> process, go to <http://www.rossde.com/internet/cookies.html#doabout>.
>>>>>
>>>> Thank you for the response - but I'm asking a very basic question:
>>>> Does allowing cookies from a specific site allow cookies from 
>>>> "subsidiary" sites?  Same question when blocking cookies.
>>>
>>> If you allow cookies from the second level domain, then they would be 
>>> allowed from one of its specific third level domains as well.
>>>
>> Thank you.  Does the reverse apply - i.e. if I allow cookies from a
>> specific third level domain, are they allowed from the second level
>> domain?
> 
> No, not normally, unless you use a cookie handling extension that 
> specifically allows that.  For my part, there is no way I want that to 
> happen with a big domain.
> 
Thank you.  That's what I thought, but
(a) I have no extensions (except AB+)
(b) I have all cookies blocked in preferences
(c) I allow session cookies from accounts.google.com and mail.google.com
(to occasionally access my one gmail account) in cookie manager
(d) When I access the gmail account via webmail, cookie manager shows
cookies from accounts.google.com and mail.google.com AND google.com??
0
xxyyz
8/10/2018 1:55:04 AM
On 2018-08-09 2:28 PM, Lemuel Johnson wrote:
> On 8/8/2018 7:32 PM, xxyyz wrote:
>> On 2018-08-08 2:10 PM, Lemuel Johnson wrote:
>>> On 8/7/2018 12:00 PM, xxyyz wrote:
>>>> On 2018-08-04 2:32 PM, David E. Ross wrote:
>>>>>
>>>> Thank you for the response - but I'm asking a very basic question:
>>>> Does allowing cookies from a specific site allow cookies from 
>>>> "subsidiary" sites?  Same question when blocking cookies.
>>>
>>> It depends on how the cookie is created.  From 
>>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie:
>>>
>>> Domain=<domain-value> Optional
>>>      Specifies those hosts to which the cookie will be sent. If not 
>>> specified, defaults to the host portion of the current document 
>>> location (but not including subdomains). Contrary to earlier 
>>> specifications, leading dots in domain names are ignored. If a domain 
>>> is specified, subdomains are always included.
>>>
>>> If you allow cookies from yyy.zzz and a cookie is created without the 
>>> optional "Domain" parameter cookies from xxx.yyy.zzz are not allowed. 
>>> They ARE allowed if the Domain is specified.
>>>
>>> Lem Johnson
>> Thank you.  I think I understand this.
>>
>> Another question (sort of the previous one in reverse):
>> If I block all cookies and allow cookies from https://aaa.xxx.yyy,
>> are cookies from https://xxx.yyy allowed?  I assumed not, but I've
>> seen several cases where Cookie Manager lists cookies from the
>> latter.  Does this also depend on whether or not the Domain is
>> specified in the cookie?
>>
> 
> A useful tool for evaluating the options:
> https://scripts.cmbuckley.co.uk/cookies.php
> 
> Lem Johnson
Thank you, but I must be getting old as I could not figure out how to
use the tool.
0
xxyyz
8/10/2018 1:56:45 AM
Reply: