-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tracking: migrate cookie lifetime and sanitize cookie/offlineApps #1441
Comments
The only issue I have is timing
In other words I want to avoid the migration code getting triggered. So as long as we can switch at least one release before the pref is deprecated, then that's what I want to do My best guess is that they will want to get this done in ESR102 at the latest. For now it is not in FF101 and we can safely keep using the current setup. I would rather not pull the trigger on changing until I know it's production ready. There's a bit to digest, and I would want to know it's all working as intended. For example, 101 introduced some sanitizing speed perfs, which caused a regression with containers and subdomains (which was fixed). What I'm saying is I want to let the bugs manifest if there are any. And there is still code to be changed where lifetime policy is used. We can afford to wait. The only benefit I see is that it would then allow service workers, but since we've lived without those for the last We can keep this issue open as the ToDo and for tracking (although I am already tracking it) |
I think I found the difference between
TL;DR: |
Case 2 - We are going to be making clearOnShutdown true for both Anyway, when ready, we need to test this without using dFPI exceptions .. because, well fuck .... have a read
Anyway, personally, I have uBO in with no 3rd party by default, and I only have five site-data exceptions, and only one of those sites can be used as a SSO, so ... The Almighty knows I am out of this mess, but he's pretty sure you're fucked :) |
I do have |
this stuff can get confusing fast, and tests need to also check subdomains and probably scheme. AFAIK shit should be eTLD+1 (and i think scheme) |
this stuff probably intersects with #1293 and the longer I can ignore it all, the better TBH |
Wait... So website exceptions don't even know that cookie partitions are a thing? I feel like I've been carefully feeding the monkey with small amounts of cookies each day, only to know that it had access to my whole jar of cookies since the beginning. Have a bunch of site exceptions. Seems like you're right, Mr. Stephen. I'm sure to be f*cked. |
right .. here we go .. patchs underway bitches, early in the 102 nightly cycle
|
The UI settings changing is important as well for the user.js |
When
If migrated to |
I can't follow that. If you migrate from lifetime = 2 then "phase" 1 won't happen (unless permanently set as And thus, "phase 2" also won't happen, because you aren't setting cookies to be session only. Except, session cookies (such as bank ones etc) have always been cleared on close, that's what the "session" part means, so in technically, phase 2 has always happened This is a two stepper, don't think too hard about it
101 is basically done and dusted, and looks like 102 will "migrate" existing users, so at this point we have almost two months to work it out |
Migration CodeThe migration code will only do its thing if If lifetimePolicy is not The migration code can be seen here. UI CodeThe UI code is a little trickier, but here is my understanding of it:
Whenever the user changes ANY of the prefs 2801, Regarding arkenfox, if we were to set The UI code can be seen here. |
As of FF 99, But I think arkenfox should keep |
i'm not "worried" about the migration code, I'm worried that toggling the UI causes odd behavior, but now I've had a sleep I think the logic might be ok
That's what |
You're right, Thorin. I had forgotten about But even having it, Mozilla seems to be trying to push |
That was back in Feb. Lets just see what happens. One other reason this is a bit icky, is that I think the same codebase is used for forget about this site, and if they wanted to have cpd behave the same as clearonshutdown, then they might have to add more engineering so it knows if you are using forget about this site or ctrl-shift-del - and maybe that's not worth it in their eyes personally, I can see confusion if cpd behavior differs |
I hope you all realize that this was pushed back to FF103 at best (they may back port it to ESR at some point, IDK - I hope they do, so everyone is in sync) |
fuck, I think the migration is in 102 |
^ yup: https://old.reddit.com/r/firefox/comments/vn68tr/firefox_is_unchecking_delete_cookies_and_site/ oh well, what a messy UI and consistency until it gets resolved |
I also merged the old 2802 pref into 2810's and renumbered 2812+ -> 2820's (and updated wiki reference numbers) |
now I'm losing all cookies every few sessions - my user.js is the same as the v102 one in PR
|
I've been using these changes of arkenfox-102 PR for a week (done by myself, in FF 101), and I have not experienced this issue yet. Maybe it's a bug introduced by FF 102? |
IDK why it happened again, or even the first time (can't be assed) - I modified my user.js before updating to 102 (to avoid the migration and am 75% sure I reset the pref (or maybe I decided to let the migration do it for kicks). Anyway, doesn't seem to be happening now. I did subsequently check the lifetime pref UI in cookies and site data, and then restarted, but I fail to see how that does anything besides trigger another migration .. so |
So the "delete cookies and site data" checkbox in 102 still changes the lifetime pref, which then proceeds to uncheck itself and migrate again on next start - this is changed in 103 - https://bugzilla.mozilla.org/show_bug.cgi?id=1681495 The other one is every time you play with that checkbox, it resets to deleting cache - see comments https://old.reddit.com/r/firefox/comments/vn68tr/firefox_is_unchecking_delete_cookies_and_site/ I was going to try and shoehorn a warning not to touch that UI setting, but I ended up moving the pref to deprecated, and it's only 4 more weeks until it's semi-resolved. We should keep an eye on updating the pref info for that checkbox |
This weird issue has just happened to me. There was an electrical outage here... when I reopened everything, all my cookies and local storage were gone, just like Thanos. I'm still using FF 101, with arkenfox-102 PR. |
^ that's a bug that has been fixed in an upcoming release - I'll report back with the bugzilla for ya for me it's now all stable as fuck, been testing and opening and closing shit for the last 5 hours |
^ https://bugzilla.mozilla.org/show_bug.cgi?id=1771024 - fixed in 103 |
stop over-reacting ... Thanos' snappening was only half :) |
Well, fuck .. there it goes for the third time |
Another electrical outage and another Thanos' snapping. I'll stick to FF101 and lifetimePolicy until FF103 comes out. July 26th seems so far away in the future :( |
If I kill FF process, it also happens. 1771024 says that FF101 is unaffected, Edit: Damn, my FF was updated to 102 and I hadn't noticed it. So it seems 1771024 is really the culprit in my case. |
I'd like to confirm once because of the seemingly complicated mess here. I use AF without overriding any cookie-related prefs at all. Everything has the AF default value. No cookie or site data exceptions either. Will it be fine to update to Firefox 102 with the 102 AF? Or should I stay on 101 and wait until 103 like aleyvo intended to above? |
Aleyvo's issue is with unexpected shutdowns, which was always the case with sanitize onShutdown - so he's going to stick with making all cookies session-only (lifetime pref) and not onShutdown those (cookies, offlineApps). You can't do that in 102 (make all cookies session cookies) AF v102 will out soon. There's no need to wait IMO. It's working (albeit godamn, there's something fishy about losing them all periodically with a graceful shutdown - maybe that's it, sometimes it doesn't record a graceful shutdown, IDK - this is just my anecdata - it should be solid as fuck - it's just the UI is a mess IMO). |
Thanks. Yeah, I don't need to retain any data or fiddle with the UI; I just want that the data that is supposed to be erased, actually is erased. |
and .. fuck .. a 4th time ... fuck and a 5th time and I am exiting the app cleanly |
Just a follow-up to the "keep cookie + site data exceptions on close" functionality (issues #1256 and #1291.)
Considering that:
privacy.sanitize.sanitizeOnShutdown
is not "All or Nothing" anymore, i.e.privacy.clearOnShutdown.cookies
andprivacy.clearOnShutdown.offlineApps
now respect website exceptions as of FF99 (1681701, code);network.cookie.lifetimePolicy
is soon/not so soon to be deprecated (1681493, 1764761).Would it be the right time to update section 2800, deprecating
network.cookie.lifetimePolicy
and setting bothprivacy.clearOnShutdown.cookies
andprivacy.clearOnShutdown.offlineApps
to true? Functionality wise, thing should continue to be the same. It would be more of a future-proof measure.The text was updated successfully, but these errors were encountered: