103: UI: Delete cookies and site data when Firefox is closed

[Thorin-Oakenpants]

Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed

In 102 it still controls the lifetime cookie pref, and checking will trigger another migration. Currently 102 has that in deprecated

// FF102
   // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
   // 0=keep until they expire (default), 2=keep until you close Firefox
   // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665

In 103 it changes: we need to add the UI info back into section 2800 - see 1681495

• AFAICT toggling it on will set custom history and check cookies, offline web data, and cache
• not sure what toggling it off does

[julkefol]

I'm wondering If it is responsible for user_pref("privacy.clearOnShutdown.cookies", false); not working. Because the value shows true after opening about:config window.

[NotSnowyy]

I'm wondering If it is responsible for user_pref("privacy.clearOnShutdown.cookies", false); not working. Because the value shows true after opening about:config window.

I noticed the same issue.
Closing FF manually and then shutting down doesn't clear my cookies.
Shutting down with FF still open does clear them. privacy.clearOnShutdown.cookies gets set to true after restarting FF.

[Thorin-Oakenpants]

You didn't say which FF version you are on, and this is not a troubleshooting issue.

Read OP. In FF102 a "migration" happens (on startup) if you have network.cookie.lifetimePolicy = 2, it gets reset to 0 and privacy.clearOnShutdown.cookies + privacy.clearOnShutdown.offlineApps are set to true = all three differ from the arkenfox v101. v102 which is coming aligns with these changes.

The annoying part is that the UI is not aligned until FF103. It is explained here: 1777419#c3

The migration code from Bug 1681498 migrates the pref behind the "Delete cookies and site data when Firefox is closed" checkbox on startup. However the checkbox still updates the pref we migrate away from. This means after startup it becomes unchecked again, even though the sanitize-on-shutdown mechanism is still enabled.

[...] The issue is fixed in 103, because that version contains both patches

@NotSnowyy closing manually is the same as onShutdown .. onShutdown does not mean your computer

[theltalpha]

The annoying part is that the UI is not aligned until FF103. It is explained here: 1777419#c3

This sounds nasty for ESR users, since v102 is the current ESR version. I hope Mozilla will backport the UI alignment into ESR v102.

[Thorin-Oakenpants]

This sounds nasty for ESR

https://bugzilla.mozilla.org/show_bug.cgi?id=1681495#a46403609_24572 .. this is what lead me to think 102 wasn't going to have the migration

https://bugzilla.mozilla.org/show_bug.cgi?id=1777419#c3 confirms that, saying they didn't back it all out - i.e this was meant to be a 103 change

https://bugzilla.mozilla.org/show_bug.cgi?id=1777419#c4 looks like that's what they intend to do - so yeah, looks like ESR will be different somewhat, so .. well, ummm .. fuck

[NotSnowyy]

I am using FF 102.

@NotSnowyy closing manually is the same as onShutdown .. onShutdown does not mean your computer

Well this and reading the OP properly makes more sense...
I have no idea why closing it manually made a difference tho, only then was my Cookies and Site Data whitelist properly kept. This didn't happen with FF 101.
Anyway, sorry for hijacking & thanks for your answer :)

[Thorin-Oakenpants]

I have no idea why closing it manually made a difference tho

Manually means the app closes gracefully (and gets to so do all the shit it is meant to when you close it). Normally if you close apps with the OS, they are given time to actually close gracefully, but this may not be the case all the time

Anyway, this will explain it - https://bugzilla.mozilla.org/show_bug.cgi?id=1771024 - fixed in 103 so startup sanitizing also respects exceptions

[goat-oss]

Even the user-agent string changes in v102.
Don't know if it's intentional, but wanted to notify @Thorin-Oakenpants

[Thorin-Oakenpants]

yes, the UA is correct. RFP only spoofs the version for android in FF102+, as 102

[yokoffing]

Does anyone know if privacy.clearOnShutdown.sessions (Active Logins), which "refers to HTTP Basic Authentication, not logins via cookies", excludes my Site Exceptions or will it affect all sites globally? Moving forward, does Site Exceptions only affect cookies, cache, and offline website data?

I think what I'm trying to ask is: Should I also toggle privacy.clearOnShutdown.sessions if I utilize Site Exceptions for everyday browsing (e.g., github.com, reddit.com, etc.)?

[fxbrit]

the default value of that pref is true and there's not going to be any change in what exceptions clear / do not clear. the only change will be in when exceptions will be respected / will not be respected.

[Thorin-Oakenpants]

AFAIK the only onShutdown stuff they hooked up to exceptions is cookies (.cookies) and site data (.offlineApps). Cache clearing which respects exceptions is 2812 and I can't remember why exactly they haven't enabled it with the checkbox (in FF101 or lower). In 102+ they're using the onShutdown cache one. I don't see any point in keeping cache for selected sites, TBH

.sessions - leave it at true. What possible benefit can you gain otherwise?

[Thorin-Oakenpants]

https://bugzilla.mozilla.org/show_bug.cgi?id=1765533 - they need to redesign the UI

[Thorin-Oakenpants]

why the confused face 🐟

[fxbrit]

I don't understand why firefox is still sold on handling "cookies and site data" and the rest of "clear on shutdown" in two different places in the UI, it would make sense to have it all together I guess?

edit: that scheme in the bugzilla is nice

[yokoffing]

AFAIK the only onShutdown stuff they hooked up to exceptions is cookies (.cookies) and site data (.offlineApps). Cache clearing which respects exceptions is 2812 and I can't remember why exactly they haven't enabled it with the checkbox (in FF101 or lower).

I'm confused. Let's backup a bit.

In 102 Stable on a new profile with no user.js: I set network.cookie.lifetimePolicy to 2 and restart. After restart, I see Delete cookies and site data is unchecked and Clear history when Firefox closes is enabled with the following prefs:

Based on the other discussion, this seems to be the default behavior right now.

You're saying network.cookie.lifetimePolicy only affected cookies and site data, but it now appears they've linked it to .cache as well, or is this a bug?

I've never touched 2812 and I'm confused to what 2811 .cache affects and what 2812 privacy.clearsitedata.cache.enabled in real world usage?

I'm fine with clearing cache upon shutdown, but there is one site every so often that I need the cache not to be cleared because there's no login system; and if you clear the cache, you have to setup everything from scratch. So I'm wondering if Firefox will respect that if I add it to Site Exceptions.

[Thorin-Oakenpants]

yes, it also enables cache

as said in OP

AFAICT toggling it on will set custom history and check cookies, offline web data, and cache

as stated in #1491

it is used to migrate users off of it: i.e they would reset it to 0 and enable custom history and enable sanitizing onShutdown for cookies, offlineApps (site data), and cache.

and mentioned in #1441 (comment)

The other one is every time you play with that checkbox, it resets to deleting cache - see comments https://old.reddit.com/r/firefox/comments/vn68tr/firefox_is_unchecking_delete_cookies_and_site/

and I thought I posted 1777419#c9 already somewhere

If you select Cookies, Cache, offline website data that has the same effect as using the "Delete cookies and site data when Firefox is closed" checkbox. It will take any exceptions you have set into account

Of course NONE of that happens if lifetimePolicy = 0, so you can choose what you want (and don't fucking toggle that checkbox)

[Thorin-Oakenpants]

The migration also takes into account if custom history was already enabled. If it wasn't, then it clears the other items: history, forms + downloads, site exceptions, etc, so users don't lose any data. If it was, then it leaves those other items as they were

[Thorin-Oakenpants]

I've never touched 2812 and I'm confused to what 2811 .cache affects and what 2812 privacy.clearsitedata.cache.enabled in real world usage?

The current 2812 pref privacy.clearsitedata.cache.enabled respects site exceptions, and used to be enabled (I think) and had a UI under Cookies and Site Data which said something like Also clear cache. I can't remember why they hid that and kept it at false. I think it might have been a perf issue. Edit: of course it was default false, as was clearing cookies and site data

The 2811 pref privacy.clearOnShutdown.cache is all or nothing, does not respect site exceptions

[Thorin-Oakenpants]

It's become clear that people don't equate .offlineApps with "site data", and the v102 user.js needs revamping for 103 anyway. So the current subheader could be taken as all those onShutdowns respect exceptions

Here's a very quick idea: nits welcome

• ToDo: add in the UI change
• note: at some stage cpd will also respect exceptions for cookies and offlineApps: so yeah, more changes
• honestly, this is becoming gargantuan

click if you dare

/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/* 2810: enable Firefox to clear items on shutdown
 * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);

/** SANITIZE ON SHUTDOWN: ALL OR NOTHING ***/
/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME]
 * [NOTE] If "history" is true, downloads will also be cleared
 * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies
 * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
user_pref("privacy.clearOnShutdown.cache", true);     // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.formdata", true);  // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.history", true);   // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.sessions", true);  // [DEFAULT: true]
   // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
 * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811)
 * [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/
   // user_pref("privacy.clearOnShutdown.openWindows", true);

/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF102+ ***/
/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
 * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below).
 * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for
 * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
 * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
 * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)
 * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question)
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
/* 2816: set cache to clear on exit [FF96+]
 * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
 * [1] https://bugzilla.mozilla.org/1671182 ***/
   // user_pref("privacy.clearsitedata.cache.enabled", true);

/** SANITIZE MANUAL: ALL OR NOTHING ***/
/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
 * This dialog can also be accessed from the menu History>Clear Recent History
 * Firefox remembers your last choices. This will reset them when you start Firefox
 * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
 * for "Clear Recent History" is opened, it is synced to the same as "history" ***/
user_pref("privacy.cpd.cache", true);    // [DEFAULT: true]
user_pref("privacy.cpd.formdata", true); // [DEFAULT: true]
user_pref("privacy.cpd.history", true);  // [DEFAULT: true]
user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
user_pref("privacy.cpd.cookies", false);
   // user_pref("privacy.cpd.downloads", true); // not used, see note above
   // user_pref("privacy.cpd.openWindows", false); // Session Restore
   // user_pref("privacy.cpd.passwords", false);
   // user_pref("privacy.cpd.siteSettings", false);
/* 2822: reset default "Time range to clear" for "Clear Recent History" (2820)
 * Firefox remembers your last choice. This will reset the value when you start Firefox
 * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
 * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown,
 * which will display a blank value, and are not guaranteed to work ***/
user_pref("privacy.sanitize.timeSpan", 0);

[fxbrit]

had a UI under Cookies and Site Data which said something like Also clear cache

isn't it the one showing when you click Cookies and Site Data > Clear Data?

2821 contains a non manual pref

this SR talk reminded me we should check the overrides again, #1293 (comment) relied on the lifetime pref which is gone. worth re-testing.

[Thorin-Oakenpants]

oooh .. #1293 (comment) has the link to the moz dev comment I mentioned about the mess with sanitizing and expectations

#1293 (comment) relied on the lifetime pref

it did? well fuck, best YOU and rusty et al had better test it then :)

[Thorin-Oakenpants]

just going to wing it in the 103 PR