[Bug] autodelete keeps deleting whitelisted cookies #1468
Comments
jettero
added
the
untested bug/issue
|
What other configuration do you have for those domain expressions. I wonder if Firefox thinks the tab is unloaded or something, or the site has a short expiry date set for that cookie... Is there any third-party SSO/login being used? Are you using containers and don't have that domain whitelisted on all containers? Some data may not be stored as cookies. If they're not stored as cookies, you would need to white list this on all containers unless you're not enabling the cleanup of the other browsing site data types. |
|
These are all good questions. I tried to check them as carefully as I could before I even posted... There's no SSO involved. I can't quite read the debug logs meaningfully -- and can't bring myself to paste them without cleaning them up somehow -- but it sure looks to me like the cookies are variously in "scaleitup.pagerduty.com" and ".pagerduty.com" ... everything is https (cookies and site) and the expirations are rational looking. Keep in mind, the little colored log in the normal user interfaces actually says it removed cookies from pagerduty.com ... The debug log said this too, but I found it less convincing cuz I don't know how to read it. |
|
Are there any other web extensions that might alter/adjust the tab urls when it is not active? You can try to filter the debug logs with the domain and see whereabouts it was deleted - there should be lines that indicate why it was removed in there. |
|
I have tons of other plugins, yes, but for the most part I know what they're doing, and URL rewriting isn't part of it. It's also the case that this is the only site for which I have any cookie problems at all. I'm also convinced it's AutoDelete that's doing it because it says it's removing stuff right below the whitelists. I wanna be crystal clear about this... Previous to this problem on this one website... AutoDelete has been completely perfect for me for like a decade. (Ok, I don't know how long, but a long time.) If the debug logs say why it's doing things ... then I'm not sure what I'm lookiing for... I found entries like this for pagerduty.com and scaleitup.pagerduty.com ... and I found a couple other things that look maybe relevant...
And the whole reason I'm here looks like this:
|
|
You should be able to click on the log entries to get more details on what cookies and site data are cleaned. Judging by the console line you referenced, it didn't clean the cookies relating to that domain, but rather some of the site data for that domain, which usually only happens if you are using containers and have accessed that domain on a container that doesn't have a whitelist expression configured with that domain. Normally |
|
False. It cleaned the cookies from the non-container that the page was in. It says it did it, and it did and the cookies are gone. This is very easy for me to reproduce now. I just watch part of a youtube video (in the same non-container, but different tab). Then I go back and refresh the incidents page with their link -- I believe the browser refresh button also works, but that's not what I've been doing -- and violla... it bahleets all the cookies from the site:
I have the same page open on my work computer -- where I do not have the cookie autodelete plugin. The cookies never expire like this without logging out. It's most certainly autodelete deleting the cookies 100% for sure. ... and it's most definitely the same domain names from the various whitelists above. Clearly something is wrong, because I don't have this problem with any other sites in any other container tabs... it's something specific to this site near as I can tell, but it makes no sense to me whatsoever. |
|
I just disabled the auto-clean for now... I'm willing to conduct other tests... and if there was a private channel, I could share my debug log. I just don't wanna post it in public. |
|
So it didn't remove the cookies, which is as expected (though I can't be certain as your screenshot is cut off, so it doesn't show what cookies are removed), but rather the other browsing site data for that domain, which in your case is most likely due to pagerduty.com not having a whitelist configuration on other containers/non-container but the domain was opened/visited on those containers. This is currently as expected due to limited webextension API functionality, as we can only scan through cookies for domains. All other browsing data types to clean up requires us to already know the domain beforehand (i.e. cannot scan through any of the other site data types to see what domains are storing stuff). Thus you will need to create pagerduty.com whitelist on all containers and non-container as well. (the non-container is still a container, called default). The more recent versions of Firefox may have allowed us to specify which container to clean up certain browsing site data for, but ultimately when they released the functionality, it is applied to ALL containers / could not filter/specify which container to clean other browsing site data from. Other browsing data types are NOT the same as cookies. |
|
hrm. I don't recall opening it in any other container... but it's possible especially considering the firefox settings sync may have imported something I forgot about from a year ago ... frog knows. Lemme play with this and report back. |
|
Is there any way to tell which containers need additional whitelisting? I tried whitelisting it in the only other container I think may have been applicable in ages past... In in any case, the red text you're looking for -- didn't see that down there, sorry -- does show it bahleeted cookies due to expiration (which is another thing you mentioned before). It still jacks up the cookies on clean. I wonder if I should bottom out my settings for this plugin and start from scratch. Seems like a lot of work... |
Ah yes there's a bug I fixed with expired cookies and other site data. That'll be available in the next version. In the meantime, you can try to disable the cleanup of expired cookies and see how that goes. Unfortunately I don't set the expiry of those cookies - guess those cookies are short-lived. Not much we can do as once they're expired they're not shown again to the client anyway. |
|
Oh, there's actually a fix coming for this? That's glorious. I'll just leave the autoclean disabled for my on-call rotation, since it only affects this one site (for me). |
kennethtran93
added
duplicate
|
Closing as duplicate of other expired cookies + other browsing site data issues now. |
|
3.8.2 has been released (on GitHub) and will be updated on browsers when the webextension team has approved it. |
Acknowledgements
Describe the bug
I'm on call, so I have https://scaleitup.pagerduty.com/incidents open all day. Occasionally, without even leaving the page (although usually after sitting on a youtube tab for a while...) AutoDelete will log that it deleted the scaleitup.pagerduty.com cookies even though I have *.pagerduty.com, scaleitup.pagerduty.com, and *.scaleitup.pagerduty.com all three white listed.
I suspect there's some problem with globbing vs sub.sub.domains, but that's just a guess.
If you're curious, the results in moments of terror when I suddenly see all the triggered events for "all teams." Holy crap. Then I click "My Teams" and things go back to normal. If I disable the cookie auto scrubbing, pager duty will remember I want "all teams" all day. If I re-enable the cookie scrubber, then watching a youtube or two will ... delete the cookies and scare me again.
To Reproduce
I can easily reproduce this by just using pagerduty normally during my on-call shifts.
Expected Behavior
don't delete cookies for domains that are whitelisted.
Screenshots
No response
System Info - Operating System (OS)
loonix
System Info - Browser Info
firefox 107.0.1
System Info - CookieAutoDelete Version
3.8.1
Additional Context
No response
The text was updated successfully, but these errors were encountered: