Firefox settings ?????s

[Palancar]

I don't know if this is possible using Firefox 11. Normally I run in private browsing with all cookies gone as soon as I close the browser. I am in the habit of closing the browser between sites so that each site is approached with no cookies or history to "view" capture.

On one of my home computers I would like to be able to set Firefox to permanently save (can manually delete of course) cookies from 2 sites but have all other cookies and history disappear when I close the browser. These sites use https and its a small pain gaining access if cookies for them are gone so that I have to authenticate again.

I am willing to accept the security implications of recording these few cookies and its a tradeoff for the convenience of having them. That is my decision.

Is there a way to config Firefox 11 to do this? I can't figure it out. If not an "out of the box" method, any other suggestions??

[JRViejo]

Quote:

Originally Posted by Palancar

Is there a way to config Firefox 11 to do this?

Palancar, you can Use custom settings for history to accept cookies from sites. Click the Exceptions button next to Accept cookies from sites.

You can also do the opposite of Block cookies for a single site and instead of block, you can allow. Hope the info helps.

[Palancar]

I understand those settings.

The issue is that I want to accept cookies from sites/forums when I connect to them. I want general cookies to delete when I close the browser. That is the easy and "out of the box" configuration. So if I close FF between sites the next site won't see any cookies in general.

My twist is that I want to retain the cookies from ONLY 2 sites so that I don't have to go through an "authentication" process every time. I don't save the sites' passwords but its a three step process to get into my bank on a computer without my authentication/cookies saved to the browser.

I can very clearly see how to allow only those 2 sites' cookies, but I want and sometimes need to accept cookies from other forums I visit.

So is there any way to retain ONLY these "special" cookies and automatically delete all other cookies by closing FF 11??

[Wroll]

JR didn't explained everything.

Go to the 'Privacy' settings, select Use custom settings for history, check Accept cookies (optional Accept third party cookies), select from the drop down menu 'Keep until I close Firefox'. Make sure, if the 'Clear history when Firefox when exit' box is checked, you have the cookies box unchecked. Now go to the website you always want to keep cookies, right click, view page info, permissions, set cookies to allow.


Or just install Cookie Monster addon, set your browser to reject cookies by default, set the two desired website to allow cookies and the rest of them to allow only session cookies.

[Palancar]

Thats what I needed. Thanks.

I printed this thread out. I'll get to my home computer in the next day or so and give this a try. Sounds easy.

[Palancar]

Thanks again. FF accepted the settings you mentioned above. Worked like a champ!! I downloaded cookie monster but haven't looked at it yet. Seems that FF is doing what I need without the addon.

[gorperon]

Why not have Firefox default to blocking cookies and make exceptions to allow those that you need? That way, you have no unwanted cookies.

[Palancar]

gorperon,

The problem is that many sites require cookies to work properly. I don't mind allowing SESSION ONLY cookies but I would want those to disappear when I close FF. At the same time I want to maintain certain site cookies. That is why your suggestion didn't work for me. I tried it long ago.

Update:

I am now using an isolated approach by setting Firefox with profile manager. I created a specific profile and icon shortcut to open that profile for my cookie retention sites. Easy to do by adding -P -no-remote "profile name" to the end of the properties target on the icon. By clicking this icon I load a separate isolated instance of FF where the cookies all stay and cannot be seen by the general/default profile sites using FF. This means I have two FF icons on the desktop. The bookmarks are individual and I have the default profile delete all cookies when I close the browser.

I simply view my special sites using the isolated FF instance. I access them using bookmarks so I don't make a mistake and connect to a general site url. This method is sure fire and FF is already setup for this approach using simple command line instructions. Easy and slick for what I need.

[klarm]

hi everyone. My first post here at wilders. It's a great forum and a place of allot of knowledge .

I came across a nice add-on today for cookies that I'm going to use cos my FF is configured to flush everything once I close it and I visit allot of forums of different topic so It's a PITA to login to each one all the time.

Anyway, the one I'm talking about is Cookie Manager+. I login to all the forums I need, and then export to a readme file (encrypted) and each time I open FF, I import this file with about 20-30 cookies/logins.

cheers.

[tlu]

Quote:

Originally Posted by Palancar

I am now using an isolated approach by setting Firefox with profile manager. I created a specific profile and icon shortcut to open that profile for my cookie retention sites. Easy to do by adding -P -no-remote "profile name" to the end of the properties target on the icon. By clicking this icon I load a separate isolated instance of FF where the cookies all stay and cannot be seen by the general/default profile sites using FF. This means I have two FF icons on the desktop. The bookmarks are individual and I have the default profile delete all cookies when I close the browser.

I simply view my special sites using the isolated FF instance. I access them using bookmarks so I don't make a mistake and connect to a general site url. This method is sure fire and FF is already setup for this approach using simple command line instructions. Easy and slick for what I need.

Well, I'd rather call it overkill. Why don't you implement what was suggested in post #4 by Wroll? Just allow session cookies by default and allow permanent cookies for selected sites. Much easier and exactly what you wanted.

[PaulyDefran]

I like Cookie Monster. Default action is 'Rejected' and then I allow permanent or session based on the site. Everything seems to be set properly and I have nothing untoward in the cookie folder. It's easy. It also deletes cookies and resets them when you change the permission level. All cookie options in FF are unchecked...the add on does it all.

PD

[tlu]

Quote:

Originally Posted by PaulyDefran

I like Cookie Monster. Default action is 'Rejected'

Well, it depends. You can choose to block all cookies, but otherwise the default action of Cookie Monster corresponds to the default cookie settings in Firefox.

[PaulyDefran]

Yes, I forgot that the first thing I do after install is check the 'Block all cookies' box. Thanks.

PD

[Palancar]

I was doing what Wroll suggested and it worked fine. His suggestion worked like a champ.

Every once and awhile my thoughts lean protective/paranoid. So I was thinking that if I log into a general purpose website while cruising around and pick up a "bad" cookie/"cootie" that likes to call home, spy, etc.... it would be unable to detect or view any of my wanted cookies since they are hidden in a protected folder in an unconventional place on the drive.

I know we all use Firewalls, AV and other products to isolate and keep stuff from calling home and/or acquiring "cooties".

To me this seemed like a logical step and is simply an addition/fortification of the overall process of security. When I log into my bank the special FF instance is isolated and further the connection to the institution is SSL as well.

I spend much more time using the default profile for cruising around and reading stuff. I simply close the browser between sites to flush activity and start fresh at the next site, while on the default FF profile.

This configuration is comfortable for me, and was easy to setup. I like it. It may seem like overkill but it actually only took a few minutes to arrange. From here on out its a private isolated instance, which is accessed by a simple mouse click, that FF code is written to handle by its designers. The FF programmers/developers would not have placed the command line options in the code if they didn't see a possible need/reason to use such an approach. My .02

[tlu]

Quote:

Originally Posted by Palancar

Every once and awhile my thoughts lean protective/paranoid. So I was thinking that if I log into a general purpose website while cruising around and pick up a "bad" cookie/"cootie" that likes to call home, spy, etc.... it would be unable to detect or view any of my wanted cookies since they are hidden in a protected folder in an unconventional place on the drive.

That's a misconception. I suggest that you read https://en.wikipedia.org/wiki/HTTP_cookie . There are no "bad cookies" per se that "spy" or "call home". Basically, a cookie can only be read by the domain that set it - unless it's a 3rd party cookie used by many trackers (that's why one should block 3rd party cookies by default in FF and other browsers). And it's also a good idea to use session cookies by default and to allow permanent cookies only for selected sites.

There is the danger of cookie theft mainly through cross-site scripting (XSS) vulnerabilities. That's why you should use Noscript: Even if you allow scripting and plugins for all domains (not recommended!), Noscript still protects you against XSS, Clickjacking etc.

[Palancar]

I was thinking of "clickjacking".

Additionally I have been amazed by watching the "spider" network displayed via the Collusion FF add-on. The add-on is not on my security machine but those concerns also are addressed by a separate instance of FF.

Let me also say that I realize the collusion "third party cookie" tracking is just that -- third party cookies.

I really appreciate the responses this group has given here. I learn something every day when I read around and think about network/computer config's. Its fun too.