Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't get logins to save between sessions [solved: offlineApps sanitizing] #1291

Closed
Cnote43 opened this issue Dec 4, 2021 · 13 comments
Closed

Comments

@Cnote43
Copy link

Cnote43 commented Dec 4, 2021

  • browser version:
    Firefox Portable 94.0.2

  • Steps to Reproduce (STR)

  1. Create a brand new Firefox Portable instance
  2. Download user.js and updater.bat
  3. Copy user-overrides.js file from instance of non-portable Firefox that does save logins between sessions, with the following content:
click me for details

/**
 MY OVERRIDES
 */
user_pref("_user.js.parrot", "syntax error @ ARKENFOX DIFFS"); // troubleshooting pref - do not edit
/**/
user_pref("browser.link.open_newwindow", 1);                        // controls when new window/tab should be opened - 1=open links that open new windows in current tab, 2=open links that open new windows in new window, 3=open links that open new windows in new tab
user_pref("browser.sessionstore.interval", 9999999);                // [UNBREAK=(default value)] interval in seconds at which session data is stored (restore session after browser crash) - '9999999' essentially disables session store to reduce disk writes - previous opened tabs will still be restored on startup (see also: 'browser.startup.page')
user_pref("browser.startup.page", 3);                               // what to load when Firefox starts - 0=a blank page, 1=your home page, 2=the last visited page, 3=restore the previous session - note that the previous session will not be restored if 'privacy.clearOnShutdown.history' is set to 'false' and this should never be set to 'true' unless you use a storage cleaner like Cookie AutoDelete
user_pref("browser.startup.homepage", "moz-extension://e6275294-5918-4225-b8dc-2dc339f4c4f1/newTab/newTab.html");
user_pref("dom.security.https_only_mode_send_http_background_request", true);  // [PRIV=false] whether to send HTTP requests to the server to test if it supports HTTPS if the server doesn't respond within 3 seconds
user_pref("dom.serviceWorkers.enabled", true);                      // [UNBREAK=true] [*PRIV=false] Service Workers are scripts that run in the background - disabling this will disable some/most crypto-currency miners and potentially prevent other baddies, however this may also break some websites such as Google Maps - can set to 'true' and control workers per-domain with uBlock or uMatrix
user_pref("gfx.font_rendering.opentype_svg.enabled", true);         // [UNBREAK=true] [*PRIV=false] whether to allow rendering of SVG OpenType fonts - their use is not widespread but they can be used for such things as graphs
user_pref("privacy.clearOnShutdown.cookies", false);                // [PRIV=true] [*SAFE=false] whether to clear cookies on shutdown - as long as 'privacy.firstparty.isolate' is set to 'true' you can set this to 'false' - set to 'true' if sharing Firefox with another user
user_pref("privacy.clearOnShutdown.history", false);                // [*PRIV=true] whether to clear history on shutdown - set to 'true' if sharing Firefox with another user
user_pref("privacy.cpd.cookies", false);                            // whether to select cookies when clearing storage manually
user_pref("privacy.resistFingerprinting.letterboxing", false);      // [*PRIV=true] whether to use a generic viewport size to reduce fingerprinting entropy - the result will be that webpage content will not/may not fill the entire viewport (the part of the browser that displayes web content) - this is an important seting regarding privacy - setting to 'false' is likely to greatly increase ability of websites to fingerprint the browser
user_pref("security.OCSP.enabled", 0);                              // [PRIV=0] [*SAFE=1] when to use OCSP fetching to confirm validity of certificates - 0=disabled, 1=enabled, 2=enabled for EV certificates only - you should typically NOT disable this
user_pref("security.ask_for_password", 0);                          // [PRIV=1] when to ask for the master password - 0=the first time it's needed, 1=every time it's needed, 2=every n minutes where n is the value of security.password_lifetime.
user_pref("security.cert_pinning.enforcement_level", 0);            // [PRIV=0] [*SAFE=(1 or 2)] whether Firefox can check which certificate authorities issued SSL certificates for the site - 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict - 2 may cause key pinning (HPKP) errors; MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
user_pref("security.insecure_connection_text.enabled", false);      // whether to display "Not Secure" label in address bar in addition to insecure icon when visiting an insecure site
user_pref("security.mixed_content.block_display_content", false);   // [UNBREAK=false] [PRIV=true] whether to allow insecure (http) static content, such as images, on secure pages (https)
user_pref("security.pki.sha1_enforcement_level", 0);                // [UNBREAK=0] [*PRIV=1] how to handle depreciated SHA-1 certificates
user_pref("security.ssl.require_safe_negotiation", false);          // [UNBREAK=false] [*PRIV=true] whether to allow connections to servers that don't support SSL
user_pref("signon.formlessCapture.enabled", true);                  // [*SAFE=false] whether password manager can capture login credentials when a proper login form is not detected

/**
 * -----------------------
 * MY CUSTOM PREFERENCES
 * -----------------------
 */
user_pref("_user.js.parrot", "syntax error @ MY CUSTOM PREFERENCES");

user_pref("accessibility.tabfocus", 3);                             // which elements can be focused using the Tab key - 1=text fields, 2=all form fields except text, 4=links only (values can be added together)
user_pref("app.update.service.enabled", false);                     // [SET] [UNBREAK=true] whether to enable Firefox update service (Windows only)
user_pref("app.update.silent", false);                              // [SET] whether to show notifications when updates are applied
user_pref("app.update.staging.enabled", false);                     // [SET] [UNBREAK=true] whether to enable Firefox update staging - *TODO* - better description
user_pref("browser.bookmarks.editDialog.maxRecentFolders", 12);     // how many recent folders to display when adding a bookmark
user_pref("browser.bookmarks.max_backups", 5);                      // how many backups of bookmark to keep
user_pref("browser.cache.memory.enable", true);                     // [SET] [SAFE=true] whether to enable memory cache
user_pref("browser.cache.memory.capacity", -1);                     // memory cache size (KB) see: http://kb.mozillazine.org/Browser.cache.memory.capacity
user_pref("browser.cache.offline.enable", false);                   // [PRIV=false] whether to allow off-line caching
user_pref("browser.contentblocking.report.lockwise.enabled", false);    // [SET] [SAFE=true] [*PRIV=false] whether to enable Lockwise reporting of sites visited to check if they've been breached
user_pref("browser.contentblocking.report.monitor.enabled", false);     // [SET] [UNBREAK=true] *TODO* unsure - assumend to affect reporting of blocked content
user_pref("browser.display.use_document_fonts", 1);                 // [UNBREAK=1] [*PRIV=1] whether to allow websites to use fonts they specify - 0=no, 1=yes - setting this to '0' will uglify many websites, however this value can be easily flipped per-host with the Enforce Browser Fonts add-on - WARNING: setting this to '0' may increase entropy
user_pref("browser.download.autohideButton", true);                // whether to auto-hide the Downloads button
user_pref("browser.download.folderList", 1);                        // where to save downloaded files - 0=desktop 1=downloads 2=last used
user_pref("browser.download.forbid_open_with", false);              // whether to allow the `open with` option when downloading a file
user_pref("browser.link.open_newwindow.override.external", 3);      // open links from external programs in: 1=the current tab, 2=a new window, 3=a new tab
user_pref("browser.menu.showViewImageInfo", true);                  // whether to enable the context menu item to view image information
user_pref("browser.safebrowsing.allowOverride", false);             // whether to enable a prompt on safe browsing warnings
user_pref("browser.safebrowsing.blockedURIs.enabled", false);       // [SET] [SAFE=true] whether to use Mozilla's blocklist for known Flash tracking/fingerprinting - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.downloads.enabled", false);         // [SET] [SAFE=true] whether to enable 'Safe Browsing', downloads (list of sites provided by Google) - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);              // [SET] [SAFE=true] whether to block dangerous downloads - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);         // [SET] [SAFE=true] whether to block dangerous websites - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);   // [SET] [SAFE=true] whether to block potentially unwanted downloads - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);               // [SET] [SAFE=true] whether to block uncommon downloads - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.malware.enabled", false);           // [SET] [SAFE=true] whether to enable 'Safe Browsing', malware (list of sites provided by Google) - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.phishing.enabled", false);          // [SET] [SAFE=true] whether to enable 'Safe Browsing', phishing (list of sites provided by Google) - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("browser.safebrowsing.provider.google.gethashURL", "");   // [SET] [SAFE=(default value)] [PRIV=""] URL used to check integrity of safe browsing lists
user_pref("browser.safebrowsing.provider.google.reportURL", "");    // [SAFE=(default value)] [PRIV=""] URL where safe browsing reports are sent
user_pref("browser.safebrowsing.provider.google.updateURL", "");    // [SET] [SAFE=(default value)] [PRIV=""] URL where safe browsing lists are located
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");  // [SET] [SAFE=(default value)] [PRIV=""] URL used to check integrity of safe browsing lists
user_pref("browser.safebrowsing.provider.google4.reportURL", "");   // [PRIV=""] URL where safe browsing reports are sent
user_pref("browser.safebrowsing.provider.google4.updateURL", "");   // [SET] [SAFE=(default value)] [PRIV=""] URL where safe browsing lists are located
user_pref("browser.safebrowsing.reportPhishURL", "");               // [PRIV=""] URL where safe browsing reports are sent
user_pref("browser.search.widget.inNavBar", false);                  // [SET] whether to show the search bar on the navigation bar
user_pref("browser.sessionstore.cleanup.forget_closed_after", 600); // time in seconds after which Firefox 'forgets' about closed tabs
user_pref("browser.sessionstore.interval.idle", 9999999);           // [UNBREAK=(default value)] interval in seconds at which session data is stored when browser is idle (restore session after browser crash) - '9999999' essentially disables session store to reduce disk writes - previous opened tabs will still be restored on startup
user_pref("browser.sessionstore.max_tabs_undo", 15);                 // how many tabs that can be restored when restarting the browser if session restore is enabled, as well as how many closed tabs can be re-opened while browsing
user_pref("browser.tabs.allowTabDetach", false);                    // whether to enable the ability to 'detach' a tab by dragging it downward and having it open in a new window
user_pref("browser.tabs.closeWindowWithLastTab", false);            // whether to close the browser when the last tab is closed
user_pref("browser.tabs.loadDivertedInBackground", true);           // whether to keep Firefox in the background when loading a link from an external application
user_pref("browser.tabs.loadInBackground", true);                  // whether to focus new tabs opened from a link
user_pref("browser.tabs.warnOnClose", false);                       // whether you want to be bugged when you close multiple tabs
user_pref("browser.tabs.warnOnCloseOtherTabs", false);              // whether you want to be bugged when you close multiple tabs other than the one from which the option was invoked
user_pref("browser.tabs.warnOnOpen", false);                        // whether to warn when too many tabs are opened
user_pref("browser.triple_click_selects_paragraph", true);         // whether to select paragraphs on triple click
user_pref("browser.urlbar.autoFill", true);                         // whether to allow auto-complete of text entered in the location bar
user_pref("browser.urlbar.formatting.enabled", false);              // whether to highlight the base domain by dimming the rest of the URL
user_pref("browser.urlbar.suggest.openpage", false);                // whether to suggest currently open pages when entering text in the address bar
user_pref("devtools.aboutdebugging.showSystemAddons", true);        // whether to show system add-ons in about:debugging
user_pref("devtools.toolbox.zoomValue", "1.2");                     // size of content (fonts, etc.) in developer tool box
user_pref("dom.battery.enabled", false);                            // whether to allow websites to read battery status (dependant on JS)
user_pref("dom.block_download_insecure", false);                    // [SET] [*SAFE=true] [PRIV=true] whether to block downloads served over a non-secure protocol, such as HTTP
user_pref("dom.push.connection.enabled", false);                    // [UNBREAK=true] [*PRIV=false] *TODO* unknown - assumed to be related to push notifications
user_pref("dom.push.userAgentID", "");                              // user-agent ID for push services
user_pref("dom.webnotifications.enabled", true);                   // [UNBREAK=true] [*PRIV=false] whether to enable web notifications
user_pref("dom.webnotifications.serviceworker.enabled", true);     // [UNBREAK=true] [*PRIV=false] whether to enable background web notifications
user_pref("extensions.pocket.enabled", false);                      // [SET] [*PRIV=false] set to 'true' if you use the Pocket service, a "save for later" cloud service
user_pref("extensions.screenshots.upload-disabled", true);          // [SET] [*PRIV=true] disable screenshots uploading
user_pref("extensions.update.autoUpdateDefault", false);            // [SET] [*PRIV=false] whether to allow automatic installation of updated add-ons - i HIGHLY recommend setting this to 'false' and reading all change logs, etc., before installing add-on updates
user_pref("extensions.update.enabled", true);                      // [SET] [*SAFE=true] [UNBREAK=true] whether to enable automatic checking (not installation) for extension updates
user_pref("extensions.webextensions.restrictedDomains", "");        // [*UNBREAK=(default value)] [PRIV=""] a list of domains where WebExtensions (add-ons) are not allowed to run
user_pref("extensions.webextensions.userScripts.enabled", true);    // whether to enable the WebExtension API for user scripts (see: https://wiki.mozilla.org/WebExtensions/UserScripts)
user_pref("findbar.highlightAll", true);                            // whether to highlight all instances of search terms entered in the Find Bar
user_pref("font.name.serif.x-unicode", "Bitstream Vera Sans");      // font preference
user_pref("font.name.serif.x-western", "Bitstream Vera Sans");      // font preference
user_pref("full-screen-api.warning.delay", 0);                      // how long wait before displaying full screen warning
user_pref("full-screen-api.warning.timeout", 0);                    // how long to display a warning when a page enters full-screen mode
user_pref("general.autoScroll", false);                             // whether to enable auto-scrolling - WARNING: see note in 'arkenfox' user.js about this pref
user_pref("identity.fxaccounts.enabled", true);                    // [SET] [UNBREAK=true] [*PRIV=false] whether to enable Firefox Accounts and Sync - if you want to sync browser data between devices, consider using a self-hosted solution like NextCloud
user_pref("image.animation_mode", "once");                          // [SET] how to display animated GIF images - none=do not animate, once=play animation once, normal=play the animation normally
user_pref("layout.css.font-loading-api.enabled", true);             // [UNBREAK=true] [*PRIV=false] whether to enable CSS Font Loading API
user_pref("layout.css.scrollbar-color.enabled", false);             // whether to allow web pages to style scroll bars
user_pref("layout.css.scrollbar-width.enabled", false);             // whether to allow web pages to style scroll bars
user_pref("layout.spellcheckDefault", 2);                           // what to spell-check - 0=disabled, 1=enable for multi-line text controls, 2=enable for single and multi-line text controls
user_pref("mathml.disabled", true);                                 // [UNBREAK=false] [*PRIV=true] mathematical markup language - suggested to disable because of security concerns
user_pref("media.autoplay.default", 5);                             // [SET] media playback - 0=allow all, 1=block non-muted, 2=prompt (removed in FF66), 5=block all (FF69+)
user_pref("media.videocontrols.picture-in-picture.enabled", false); // [SET] whether to enable picture-in-picture functionality for video
user_pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false); // [SET] whether to enable picture-in-picture control for video
user_pref("middlemouse.paste", false);                               // whether to allow pasting with middle mouse button (Linux) - WARNING: do NOT set to 'true' if 'general.autoScroll' is enabled
user_pref("mousewheel.with_shift.action", 3);                       // what to do when Shift key is used with the mouse wheel - 0=do nothing, 1=scroll contents, 2=go back or forward in history, 3=zoom contents in or out
user_pref("network.manage-offline-status", false);                  // whether to auto-enter work off-line mode if network drops
user_pref("network.cookie.lifetimePolicy", 0);                      // how long to keep cookies - 0=until they expire, 2=until browser close
user_pref("network.trr.mode", 0);                                   // [SET] [UNBREAK=(default value)] whether to enable Trusted Recursive Resolver (DNS over HTTPS) - 0=standard mode, 1=let Firefox choose fastest method, 2=encrypted DNS with unencrypted fallback, 3=encrypted DNS only, 4=for testing, 5=essentially same as '0' - it is strongly suggested to encrypt DNS lookups by setting this to 2 or 3 unless you are encrypting DNS another way or using an encrypted VPN which also offers DNS - IMPORTANT! enabling this alone does not provide DNS encryption, see: https://tinyurl.com/ycp3cbbp
user_pref("nglayout.enable_drag_images", false);                    // whether to allow image dragging - also seems to have an effect on highlighting and dragging text - this feature can be very annoying
user_pref("privacy.trackingprotection.cryptomining.enabled", false); // [SET] [*SAFE=true] whether to enable cryptomining protection - this is probably better handled by uBlock and appropiate filter lists
user_pref("privacy.trackingprotection.pbmode.enabled", false);      // [SET] [*SAFW=true] whether to enable tracking protection in Private Browsing mode - can set to 'false' if using uBlock with appropriate lists enabled
user_pref("reader.parse-on-load.enabled", false);                   // whether to create the Reader View version of page when page is first loaded
user_pref("security.osclientcerts.autoload", true);                 // [SET] whether to use security certificates provided by the OS (Windows, Mac - Linux support is unknown at this time)
user_pref("signon.generation.enabled", false);                      // [*SAFE=true] whether to suggest and generate strong passwords
user_pref("signon.management.page.breach-alerts.enabled", false);   // [SET] [*SAFE=true] [PRIV=false] whether to display an alert when you visit a website for which log-on credentials are stored which has been previously breached
user_pref("startup.homepage_override_url", "");                     // [PRIV=""] 'What's New' page after browser update
user_pref("startup.homepage_welcome_url", "");                      // [PRIV=""] 'Welcome' URL
user_pref("startup.homepage_welcome_url.additional", "");           // [PRIV=""] 'Welcome' URL, additional
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // (ff 69+) whether to allow styling chrome with userChrome.css
user_pref("ui.caretWidth", 2);                                      // width of the blinking caret in edit controls
user_pref("ui.popup.disable_autohide", false);                      // (for developers) useful if you forget to disable 'Disable Popup Auto-Hide' option in Browser Toolbox
user_pref("view_source.wrap_long_lines", true);                     // whether to wrap long lines when viewing page source
user_pref("widget.disable-dark-scrollbar", true);                   // whether to disable dynamically colored scroll bars
user_pref("browser.link.open_newwindow", 3);                        // controls when new window/tab should be opened - 1=open links that open new windows in current tab, 2=open links that open new windows in new window, 3=open links that open new windows in new tab
user_pref("security.OCSP.enabled", 1);                              // [PRIV=0] [*SAFE=1] when to use OCSP fetching to confirm validity of certificates - 0=disabled, 1=enabled, 2=enabled for EV certificates only - you should typically NOT disable this
user_pref("signon.formlessCapture.enabled", false);                  // [*SAFE=false] whether password manager can capture login credentials when a proper login form is not detected
/* 0103: set HOME+NEWWINDOW page
 * about:home=Activity Stream (default, see 0105), custom URL, about:blank
 * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/
user_pref("browser.startup.homepage", "https://molf-whoogle.herokuapp.com");
/* 0808: disable tab-to-search [FF85+]
 * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
 * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
user_pref("browser.urlbar.suggest.engines", false);
/* 5003: disable saving passwords
 * [NOTE] This does not clear any passwords already saved
 * [SETTING] Privacy & Security>Logins and Passwords>Ask to save logins and passwords for websites ***/
user_pref("signon.rememberSignons", false);

/**
 * media preferences
 */
/* disable WebRTC audio post processing (https://wiki.archlinux.org/title/Firefox/Tweaks#Disable_WebRTC_audio_post_processing) */
user_pref("media.getusermedia.aec_enabled", false);                 // microphone echo cancellation
user_pref("media.getusermedia.agc_enabled", false);                 // microphone automatic gain control
user_pref("media.getusermedia.noise_enabled", false);               // microphone noise supression
user_pref("media.getusermedia.hpf_enabled", false);                 // microphone highpass filter

/**
 SUCCESS MESSAGE
 */
user_pref("_user.js.parrot", "SUCCESS! OVERRIDES LOADED"); // troubleshooting pref - do not edit

  1. Alternatively I tried using a user-overrides.js file that only contained the override recipes for the "enable session restore" and "keep cookie + site data exceptions on close" override recipes :
/*** MY OVERRIDES ***/
user_pref("_user.js.parrot", "overrides section syntax error");

/* override recipe: enable session restore ***/
user_pref("browser.startup.page", 3); // 0102
  // user_pref("browser.privatebrowsing.autostart", false); // 0110 required if you had it set as true
  // user_pref("places.history.enabled", true); // 0862 required if you had it set as false
  // user_pref("browser.sessionstore.privacy_level", 0); // 1003 optional [to restore cookies/formdata]
  // user_pref("network.cookie.lifetimePolicy", 0); // 2801  optional [so cookies persist]
user_pref("privacy.clearOnShutdown.history", false); // 2811
  // user_pref("privacy.clearOnShutdown.cookies", false); // 2811 optional: default false arkenfox v94
  // user_pref("privacy.clearOnShutdown.formdata", false); // 2811 optional
user_pref("privacy.cpd.history", false); // 2812 to match when you use Ctrl-Shift-Del
  // user_pref("privacy.cpd.cookies", false); // 2812 optional: default false arkenfox v94
  // user_pref("privacy.cpd.formdata", false); // 2812 optional

/* override recipe: keep some cookies (+ other optional site data) on exit ***/
user_pref("network.cookie.lifetimePolicy", 2); // 2801
user_pref("privacy.clearOnShutdown.cookies", false); // 2811
  // user_pref("privacy.clearOnShutdown.offlineApps", false); // 2811 optional
user_pref("privacy.cpd.cookies", false); // 2812 Ctrl-Shift-Del
  // user_pref("privacy.cpd.offlineApps", false); // 2812 Ctrl-Shift-Del optional
  1. Run updater.bat
  2. Open Firefox Portable and login to Feedly.com
  3. Add an exception using ctrl-i (Permissions>Set Cookies>Allow)
  4. Verify that exception is added as https://feedly.com^firstPartyDomain=feedly.com
  5. Close Firefox Portable
  6. Open Firefox Portable and go to feedly.com
  • actual result
    I have to login again

  • expected result
    I am already logged in when I go to feedly.com

I'm embarrassed to say that I've spent a solid 3 hours trying to figure this out. The most relevant thing I could find when searching was this. I tried to follow everything and test what was shared there, but no luck. Clearly the main issue here is ignorance and it seems like Firefox Portable does not behave like non-portable.

Any help on crafting a user-overrides.js that does session restore and saves my logins between session in Firefox Portable would be greatly appreciated.

@rusty-snake
Copy link
Contributor

// user_pref("browser.sessionstore.privacy_level", 0); // 1003 optional [to restore cookies/formdata]

^^^ Did you set this?

@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Dec 4, 2021

// user_pref("browser.sessionstore.privacy_level", 0); // 1003 optional [to restore cookies/formdata]

^^^ Did you set this?

don't do that - use site exceptions for retaining logins

EDIT sorry, misread that as something else

@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Dec 4, 2021

already replied in the other one, at least this one is more readable

from the other issue

portable works just fine. I can't read through that mess above and that amount of overrides is obsessive and not needed. It is not enough to just keep replacing overrides, you should make sure everything is reset in about config as well

New profile. Add arkenfox, Add session restore overrides recipe

  • basically all you need is to enable history and also see 1003 below, thanks @rusty-snake
/* override recipe: enable session restore ***/
user_pref("browser.startup.page", 3); // 0102
  // user_pref("browser.privatebrowsing.autostart", false); // 0110 required if you had it set as true
  // user_pref("places.history.enabled", true); // 0862 required if you had it set as false
user_pref("browser.sessionstore.privacy_level", 0); // 1003 optional [to restore cookies/formdata]
  // user_pref("network.cookie.lifetimePolicy", 0); // 2801 [don't: add cookie + site data exceptions instead]
user_pref("privacy.clearOnShutdown.history", false); // 2811
  // user_pref("privacy.clearOnShutdown.cookies", false); // 2811 optional: default false arkenfox v94
  // user_pref("privacy.clearOnShutdown.formdata", false); // 2811 optional
user_pref("privacy.cpd.history", false); // 2812 to match when you use Ctrl-Shift-Del
  // user_pref("privacy.cpd.cookies", false); // 2812 optional: default false arkenfox v94
  // user_pref("privacy.cpd.formdata", false); // 2812 optional

Keep login cookies - add exceptions for cookies you want to keep as Allow in Cookies + Site Data. It works. You need to use FPI syntax - it's explained in the user.js

/* 2801: delete cookies and site data on exit
 * 0=keep until they expire (default), 2=keep until you close Firefox
 * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
 * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow
 *   If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
user_pref("network.cookie.lifetimePolicy", 2);

These work

@Thorin-Oakenpants
Copy link
Contributor

note we will be changing from FPI to dFPI so when that happens in FF96, you will need to change your cookie + site exceptions, see #1281

@Thorin-Oakenpants
Copy link
Contributor

rusty, 1003 can be made active in the recipe, since we clear cookies and form data anyway

@Cnote43
Copy link
Author

Cnote43 commented Dec 4, 2021

Thanks for the quick and detailed responses. I've got it saving sessions, but it still won't save my logins. To be clear, what I'm wanting is to login to a site, close the browser, open it later and still be logged into the site.

I started with a fresh Firefox Portable install (from here). I added the Arkenfox user.js then created a new user-overrides.js with only the following:

/* override recipe: enable session restore ***/
user_pref("browser.startup.page", 3); // 0102
user_pref("browser.privatebrowsing.autostart", false); // 0110 required if you had it set as true
user_pref("places.history.enabled", true); // 0862 required if you had it set as false
user_pref("browser.sessionstore.privacy_level", 0); // 1003 optional [to restore cookies/formdata]
  // user_pref("network.cookie.lifetimePolicy", 0); // 2801 [don't: add cookie + site data exceptions instead]
user_pref("privacy.clearOnShutdown.history", false); // 2811
  // user_pref("privacy.clearOnShutdown.cookies", false); // 2811 optional: default false arkenfox v94
  // user_pref("privacy.clearOnShutdown.formdata", false); // 2811 optional
user_pref("privacy.cpd.history", false); // 2812 to match when you use Ctrl-Shift-Del
  // user_pref("privacy.cpd.cookies", false); // 2812 optional: default false arkenfox v94
  // user_pref("privacy.cpd.formdata", false); // 2812 optional

Then I ran updater.bat. These overrides are not saving my logins between sessions. Here are my cookie + site exceptions for the two sites I tested with:
image

Sorry to be so dense on this. I cannot figure out what I'm doing wrong.

@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Dec 5, 2021

Question if you add https://github.com^firstPartyDomain=github.com do you stay logged into github?

@Thorin-Oakenpants
Copy link
Contributor

some sites like to store login info outside of a cookie

so try adding these

user_pref("privacy.clearOnShutdown.offlineApps", false);
user_pref("privacy.cpd.offlineApps", false);

I think @fxbrit has had a few users report that at Librewolf (who uses the same settings). fxbrit, maybe we should relax those back to default as per LW used to have it - if you're retaining a cookie via site exception, I don't see the issue: I just thought the sanitizing would be more robust - but if it breaks the intended affect of staying logged in, then we should revert that part

@Cnote43
Copy link
Author

Cnote43 commented Dec 5, 2021

Those two offlineApps settings were the key. Without them Github would not save my login. After adding them it saves all my logins. Thank you!

@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Dec 5, 2021

Good to know. Do the other ones work - yahoo mail and feedly ?

edit: closing, but do let us know if the other sites are working, and thanks for testing 🍻

Also be aware that some sites (e.g. banks, will only set session cookies: a site exception as Allow will not upgrade them, as that would be a security flaw)

Thorin-Oakenpants added a commit that referenced this issue Dec 5, 2021
- in v94 we switched to cookies lifetime as session, so users could use site exceptions to retain selected cookies (to stay logged in one assumes)
- that mean not deleting all cookies on shutdown
- but some login methods/types require more than cookies and also need the "site data" part of "cookies + site data" - that's the offlineApps part
- note: all site data (and cookies) is still cleared on close except site exceptions
@Thorin-Oakenpants Thorin-Oakenpants changed the title Can't get logins to save between sessions in Firefox Portable Can't get logins to save between sessions [solved: offlineApps sanitizing] Dec 5, 2021
@Cnote43
Copy link
Author

Cnote43 commented Dec 6, 2021

Yes, ALL logins are saved as I expect. Ihaven't tried banks yet, but I understand those won't persist and that's a good thing. Thanks again for all your help!

@fxbrit
Copy link
Collaborator

fxbrit commented Dec 6, 2021

maybe we should relax those back to default as per LW used to have it

yes, it seems like a win-win situation.

@Thorin-Oakenpants
Copy link
Contributor

things have changed, offlineApps now respects exceptions, which is how we do it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

4 participants