On 4/14/15 3:29 AM, Henri Sivonen wrote:
Specifically, on point #2, I think we should start by, by default, forgetting all cookies that don't have the "secure" flag set at the end of the Firefox session. Persistent cookies have two main use cases: * On login-requiring sites, not requiring the user to have to re-enter credentials in every browser session. * Behavioral profiling.
I searched for an existing bug to treat non-secure cookies as session cookies, but I couldn't find one.
However, I did find bug 530594 ("eternalsession"). Firefox's session restore, as the name suggests, restores session cookies even after the user quits and restarts the browser. This is somewhat surprising, but the glass-half-full perspective is that the negative effects of Henri's suggestion would be lessened (until bug 530594 is fixed).
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform