Cookies are not being removed

[bberberov]

I opened Show Cookies... in Firefox and noticed that cookies from domains I accessed days ago are still listed. I restarted Firefox a couple of times and everything is still there. I have both Clean when leaving all instances of a domain: and Clean on browser start: checked. Snooze is not on and no rules have been defined.

[Joel889]

Does manual cleanup from the extension get rid of them? Also, make sure to have remove third party cookies on creation turned on.

[Joel889]

Also, there is a rare bug that won't clean a few cookies ( https://github.com/Lusito/forget-me-not/issues/40 ), but I think that is fixed in the upcoming release.

[Lusito]

Thanks @Joel889 for the answers. Another possibility would be Bug 1440263, which must be fixed by mozilla.

If those are not the case, I'd need more information. Like which cookies (domain, name and path.. value is not important) are affected. I'm assuming that not all cookies are affected, since no other user has reported such behavior.

Otherwise, Version 1.0 is arriving soon with lots of improvements. Stay tuned.

[bberberov]

OK. So I just did the simple Github test described in #40

1. Cleared all cookies from Preferences in Firefox.
2. Went to Github
3. Closed browser
4. Opened browser (Github is not my default page), waited 2 min, cookies are still there.

These are my settings:

I noticed that when Apply Rules is not on, cookies are cleared, but I can do that without an extension.

I'll try some more tests. Part of this is probably #40, but cookies should still clear on startup if Apply Rules is on.

[Joel889]

Which version of Firefox are you using? Also, try enabling "remove third party cookies". The naming is somewhat unconventional, and include subdomain cookies from a domain you visited (as opposed to an unrelated domain).

[Lusito]

Thanks for the info. Just to clarify how this extension works:

• Once you close the last github tab, a timer starts for 2 minutes. If no github domain has been reopened in that time, the cookies will be cleaned after these 2 minutes.
• If you however close the browser before this timeout happens, the cleanup will not happen.
• Since you have clean on browser start on, the behavior on browser start is:
  • a second after browser start, the extension checks if a github.com domain is open.. if it's not, then it clears the cookies for that domain.

I'll check if I can reproduce this behavior with a clean user profile. Just wondering.. do you have firefox itself configured to handle cookies in a certain way?

[Lusito]

I can't reproduce this with a clean profile.

Since the Apply Rules checkbox is grayed out for local storage on your screenshot, I'm assuming that you either have a Firefox version of 57 or lower, or you have privacy.resistFingerprinting enabled. Could you please clarify? Thanks.

These questions might additionally help identifying the issue: Do you have any other cookie extensions installed? Do you use Firefox containers? Do you have First Party Isolation enabled?

[bberberov]

I have 59.0.2 with privacy.resistFingerprinting on as one of 282 settings in user.js

These are the cookie ones I remember:

user_pref("network.cookie.cookieBehavior",                      1);
user_pref("network.cookie.leave-secure-alone",               true);
user_pref("network.cookie.lifetimePolicy",                      0);
user_pref("network.cookie.thirdparty.sessionOnly",           true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly",  true);

user_pref("privacy.clearOnShutdown.cookies",      false);
user_pref("privacy.cpd.cookies",      false);

Do you have any other cookie extensions installed?

No. Well, uMatrix, but I don't do anything with cookies (yet). All the cookie settings are off right now.

Do you use Firefox containers?

I didn't do anything to enable them. I think they are off by default.

Do you have First Party Isolation enabled?

Just checked and yes. The note said that it should not be a problem with FF59+.

user_pref("privacy.firstparty.isolate",                        true);
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);

Could we focus on Clean on browser start:, first? I can work with that as long as Apply Rules is usable.

[Lusito]

Could you please try the following to see if cookie cleaning works at all?

1. Manual cleanup

   • Go to github.com, Leave every instance of github.com you have open
   • Perform the manual cleanup (on the trashcan tab)
   • Check if a notification pops up showing you github.com was cleaned
   • Open chrome://browser/content/preferences/cookies.xul in your browser url, see if the cookies are still there (you might need to refresh that page to see changes if you had it open before the cleanup).

2. Tab Cleanup

   • Go to github.com, stay on it.
   • Perform the tab cleanup (on the eye tab)
   • Check if a notification pops up and if cookies still exist just as in the above steps

Thanks for working this out with me!

[bberberov]

Manual cleanup

Clicking on Clean Now! only worked when Apply Rules was off. No notifications appeared at any time.

Tab Cleanup

Didn't work at all. :-( No notifications appeared at any time.

I think I was using 59.0.1 when I first tried forget-me-not and I remember getting at least some notifications.

That cookie manager link is a keeper! I wonder what else can be accessed that way.

[Lusito]

That is weird, but at least, that is good from a debugging point of view.. We can easily test if it works with the latest version.

You can try the latest version:

• Download http://lusito.info/forget-me-not-092.zip
• extract it somewhere
• Open "about:debugging" in your browser url
• Click on the button "load temporary add-on"
• Select the file "manifest.json" in the folder you just extracted.
• Try above tests again.

Keep in mind:

• Temporary add-ons are removed upon browser restart.
• When you press the remove link on the temporary add-on, it will only remove the temporary add-on, not the normal version of the add-on.

On a side note: I was not able to reproduce this issue with the settings you specified. I'm guessing it must be something else.

I wonder what else can be accessed that way.

See: http://kb.mozillazine.org/Chrome_URLs. These URLS may be removed in the future, so it's nothing you can rely on. They are mainly for internal use.

[Lusito]

If it doesn't work with the latest version either, I can write a debug version, which would log which steps are done, so I can see which ones are ignored.

[bberberov]

I just updated to FF60, and so far I've seen a few notifications! It will take me some time to see what the current status is.

FF60 is going to be the new ESR. It might make sense to deprecate all "legacy" versions. Just a thought.

[Lusito]

I know a lot of people keep using older versions of Firefox, so it's hard to argue why I would deprecate older versions when it would be little extra work. Your bug seems to be an anomaly, as no one else has reported anything like it.

[bberberov]

It seems to be working with FF60. Tested it with a couple of rules and it works as expected. Clean up on startup also works as expected. Don't know how to check Local Storage or IndexedDB. There used to be a UI for one of them, if I remember correctly, but I didn't find it.

If you want, I can probably post my entire user.js for FF59. Cannot do side-by-side, or rollback, on this installation, but you can make your own FF59 profile if you want to look into it. Or you can just close it.

[Lusito]

I'm gonna close this issue for now and if someone else encounters this issue I will re-open and investigate it further. Feel free to send me that user.js to: core -ät- lusito.info. Thanks for all the input!

[OhSoGood]

Hi @Lusito , I have the same issue as @bberberov . I performed the test you mentioned on May 12, and

• clean from trash tab: does nothing when 'Activate rules' is checked. Works if 'Activate rules' is unchecked
• clean from eye tab: works
• auto-clean when restarting FF (with activate rules enabled): doens't work

Some info: FF 60.0.2, Forget me not 1.0.2 resistfingerprinting enabled Do you have any other cookie extensions installed? No. I also use ublock origin, noscript (and auto tab discard, but whether or not I disable it, I have the same result with Forget me not) Do you use Firefox containers? no Do you have First Party Isolation enabled? no I basically have the same setting as @bberberov , with local storage also activated.