check some override recipe things

[Thorin-Oakenpants]

enable session restore recipe:

• SR actually works with places.history.enabled=false
• Cookies are restored even with browser.sessionstore.privacy_level=2 (note that I don't use network.cookie.lifetimePolicy=2).
• browser.sessionstore.privacy_level=0 restores formdata even with privacy.clearOnShutdown.formdata=true.

Originally posted by @rusty-snake in #1277 (comment)

[LtqxWYEG]

Don't forget

user_pref("privacy.clearOnShutdown.offlineApps", false);
user_pref("privacy.cpd.offlineApps", false);

was ripping my hairs out because I had this set to true in my overrides. The behavior just changed with the last FF version, I guess?

Originally posted by @Thorin-Oakenpants in #1291 (comment)

[Thorin-Oakenpants]

yes - see

• Can't get logins to save between sessions [solved: offlineApps sanitizing] #1291
• 9d61992

[fxbrit]

SR actually works with places.history.enabled=false

confirmed. I only needed:

user_pref("browser.startup.page", 3);
user_pref("privacy.clearOnShutdown.history", false);

both can be set using the settings UI in FF btw.

Cookies are restored even with browser.sessionstore.privacy_level=2

confirmed, as long as network.cookie.lifetimePolicy=0 as reported above.

to test this:

• enable session restore with the two flips above.
• go to duckduckgo.com.
• click on settings and set the dark theme for the website.
• close and re-open the browser.

if the cookie was actually cleared the theme would be set to white because of RFP, instead it is still dark.

[Thorin-Oakenpants]

SR actually works with places.history.enabled=false

this is a great comment - the intersection of SR and history and sanitizing (and where form data and history come regards privacy/sanitizing) has never been clear cut

I can't for sure say what the old behavior was (ignoring PB mode) - but we had that there for a reason, so I guess behavior changed. SR files are created and maintained in case of a crash, and if you allow SR then it just doesn't wipe it on close.

I guess I could test my FF set in a binary fashion until I find when it changed

[fxbrit]

I guess I could test my FF set in a binary fashion until I find when it changed

found this comment from 2018 that suggest the behavior has been the same one for a while -> #575 (comment)

confirmed, as long as network.cookie.lifetimePolicy=0 as reported above.

I want to re-test this once that pref is deprecated.

[fxbrit]

are we still looking for something in here?

given this issue I propose changing enable session restore recipe to:

/* override recipe: enable session restore ***/
user_pref("browser.startup.page", 3); // 0102
  // user_pref("browser.privatebrowsing.autostart", false); // 0110 required if you had it set as true
  // user_pref("browser.sessionstore.privacy_level", 0); // 1003 to restore formdata, optional
user_pref("privacy.clearOnShutdown.history", false); // 2811
  // user_pref("privacy.cpd.history", false); //  2812 to match when you use Ctrl-Shift-Del, optional

[Thorin-Oakenpants]

are we still looking for something in here?

yes. i will get to it when i get to it - the longer i leave it, the higher the chance there is nothing to do

[Thorin-Oakenpants]

are we still looking for something in here?

updated the recipe, this is not something I will ever test or can be bothered about, but at least the recipe looks cleaner

[fxbrit]

#1293 (comment)

I re-tested this both in 102 and 103 (where the lifetime pref doesn't even exist anymore), and in both cases I simply had to set an exception for cookies to not be cleared. so browser.sessionstore.privacy_level value still doesn't matter and cookies are not automatically restored with open tabs if sanitize on close is enabled.

[Thorin-Oakenpants]

so we're good then? nothing to do?

[fxbrit]

yup, we're good.