Tor Browser will not save Exceptions in the Firefox cookie manager

added component::applications/tor browser gitlab-tb-torbutton owner::tbb-team priority::medium reporter::toruser23 severity::normal status::new tbb-torbutton type::defect labels

Do you have steps to reproduce your problem? What did you try?

Trac:
Cc: N/A to gk
Owner: erinn to mikeperry
Component: Tor bundles/installation to TorBrowserButton
Keywords: TBB, Torbutton deleted, N/A added

Replying to gk:

Do you have steps to reproduce your problem? What did you try?

I tried adding a cookie exception it wasn't there after I restarted the browser...

Trac:
Username: toruser23

Firefox mentions exceptions on this help page if anyone has trouble finding them: https://support.mozilla.org/en-US/kb/websites-say-cookies-are-blocked-unblock-them

Trac:
Username: toruser23

Trac:
Keywords: N/A deleted, tbb-torbutton added
Owner: mikeperry to tbb-team
Component: TorBrowserButton to Tor Browser

#15634 (moved) is a duplicate.

Trac:
Reviewer: N/A to N/A
Severity: N/A to Normal
Sponsor: N/A to N/A

Seems to still be an issue as we just had a user showing up on IRC reporting it.

Trac:
Summary: Regression: Torbutton 1.6.6.0 will not save Exceptions in the Firefox cookie manager to Tor Browser will not save Exceptions in the Firefox cookie manager

But this is by design. Permissions (all site exceptions are kept in permissions.sqlite) are disabled from writing to disk, and are memory only

permissions.memory_only = true

I feel like I'm missing the point, since this ticket has been open for 6 years

Replying to Thorin:

But this is by design. Permissions (all site exceptions are kept in permissions.sqlite) are disabled from writing to disk, and are memory only

permissions.memory_only = true

I feel like I'm missing the point, since this ticket has been open for 6 years

Originally, the ticket has meant something slightly different as Torbutton back in the day had the option to save cookies across sessions if the user chose that option.

However, even if that's not the case today anymore the current situation is still a bug. We need to decide where the bug is, though (I am not sure what the expected behavior in vanilla PBM is but I assume cookies can retained across sessions. Maybe should follow that model? Or maybe we should adapt the UI if permissions.memory_only is set to true making it clear there is no across-sessions-thing. Or maybe the bug is something else). However, offering the option to save exceptions across restarts and not following along to the surprise of users is clearly sub-optimal.

Replying to gk:

We need to decide where the bug is, though (I am not sure what the expected behavior in vanilla PBM is but I assume cookies can retained across sessions.

No. Cookies (and without double checking, sessionStorage, localStorage) in PBMode are memory only. You can test by checking the cookies.sqlite file in normal mode vs PB mode

Moot anyway, since this is about permissions, not the actual persistent data :)

The distinction here is persistent "web data" vs "user data/settings" and they are different threat models (browsing the web vs having your OS compromised): e.g. PBMode allows bookmarks, passwords, site exceptions etc to be retained, but not history (AFAIK: there have been changes to PBMode in this regard since 68, but I'd have to dig them up). We don't stop people creating bookmarks for usability reasons, so why should we stop other "user" data.

I honestly think this should be distinguished (web vs user) and relevant pref(s) flipped - maybe in the slider (but permissions.memory_only at least requires a restart = too messy)

At the very least, be consistent about disk writes: because it seems like a mixed message here.

Trac:
Keywords: N/A deleted, gitlab-tb-torbutton added

mentioned in issue #15634 (moved)

mentioned in issue #18231 (moved)

moved to tpo/applications/torbutton#11206 (closed)

Tor Browser will not save Exceptions in the Firefox cookie manager

Child items ...

Activity