Hi Tom! Removing the cookie lifetime policy feature does not change how we treat session cookies. Enabling `network.cookie.lifetimePolicy` simply meant that all cookies would be downgraded to session cookies, no matter how they were set. However, the feature didn't avoid disk-writes when it came to other storages <https://searchfox.org/mozilla-central/rev/34289456cccd8bcacd5e8665102cca7543b35213/browser/modules/Sanitizer.jsm#856-862> . When the user has clearing on shutdown enabled, now that we've switched over to the sanitize-on-shutdown mechanism, cookies are no longer downgraded, but stored normally (on disk) and cleared on shutdown (or startup if there was a crash). If you're trying to avoid disk-writes for both cookies & storage I'd suggest using private browsing mode (e.g. via `browser.privatebrowsing. autostart`).
Best Regards, Paul On Tuesday, 19 July 2022 at 20:33:03 UTC+2 Tom Ritter wrote: > The first email referenced in-memory handling of cookies, so (with my Tor > hat, not my Mozilla hat) the concern would be that this will cause disk > writes. Tor Browser tries hard to avoid writing anything to disk, > especially not information that leaks the browsing history. If session > cookies (or non-session cookies treated as session cookies, or non-session > cookies that will be wiped at the end of the session) are being written to > disk (either before this change, or after it) it would be something we > should make Tor aware of so Tor can determine how to handle the situation. > (Which might be backing out the Mozilla patch in Tor Browser, or asking > Mozilla very nicely if they would reconsider.) I'm going to cc the Tor > Browser lead in on the email... > > -tom > > On Tue, Jul 19, 2022 at 12:12 PM Hannah Peuckmann <[email protected]> > wrote: > >> The original intent to unship might be a bit misleading in regards to >> session cookies. >> We are not going to remove the concept of a session cookie. We are just >> not downgrading cookies to session anymore if shutdown cleaning is >> activated via “clear cookies and site data when Nightly is closed”. With >> network.cookie.lifetimePolicy activated, cookies were downgraded to >> session. The sanitizeOnShutdown mechanism does not do this. Network. >> cookie.lifetimePolicy did not manage session cookies or cleaned up >> cookies that reached their expiration date. So, the way session cookies are >> handled will not be changed. In general, if we crash and could not clean on >> shutdown we have a mechanism to run the sanitization on startup. I hope >> this answers your question. >> >> >> On Monday, July 18, 2022 at 4:42:56 PM UTC+2 Tom Ritter wrote: >> >>> I'm sorry I missed this email the first time and am now raising >>> questions on it. How does this relate to disk writes? Will we now write >>> session cookies to disk (and then sanitize them on shutdown?) What if we >>> crash, and don't run the sanitization code, will we detect them and >>> sanitize them on startup? >>> >>> -tom >>> >>> On Mon, Jul 18, 2022 at 4:02 AM Hannah Peuckmann <[email protected]> >>> wrote: >>> >>>> Update: >>>> >>>> We postponed our work to Fx103. We granted our patches an additional >>>> cycle in Nighty to be on the safe side in regards to bugs. Hence, Starting >>>> from Fx103, activating “Delete cookies and site data when nightly is >>>> closed” will trigger the sanitization mechanism, the feature that is >>>> behind >>>> the “Clear history when Nightly closes” >>>> <https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox#w_how-do-i-make-firefox-clear-my-history-automatically> >>>> >>>> option, to perform the same data cleaning as network.cookie.lifetimePolicy >>>> did. Starting from Fx104, network.cookie.lifetimePolicy will be removed >>>> from the code base entirely. >>>> >>>> On Monday, May 2, 2022 at 11:37:11 AM UTC+2 Hannah Peuckmann wrote: >>>> >>>>> With the release of Fx102 we intend to remove >>>>> network.cookie.lifetimePolicy on desktop. >>>>> >>>>> Bug to remove: Bug 1681493 - [meta] Deprecate and remove >>>>> network.cookie.lifetimePolicy >>>>> <https://bugzilla.mozilla.org/show_bug.cgi?id=1681493> >>>>> >>>>> For most users, the concept of "session" cookies is very hard to >>>>> understand and so we try to make it a little more opaque by calling the >>>>> option "Delete cookies and site data when Nightly is closed". Because >>>>> this >>>>> can already be done with sanitization preferences we effectively end up >>>>> with two different ways in Firefox to clear cookies and site data on >>>>> exit. >>>>> The difference between them is almost impossible to understand for anyone >>>>> who is not a Firefox engineer. >>>>> >>>>> In addition to usability concerns, having "in-memory-only" session >>>>> cookie lifetime has meant adding ugly hacks and workarounds for most of >>>>> our >>>>> storage technologies for a long time now (or simply disabling them in >>>>> that >>>>> mode). We had already decided in the past to stop treating "session >>>>> lifetime" as equivalent to "in-memory" to avoid these issues. At that >>>>> point >>>>> there's no real reason to have the concept of session lifetime anymore >>>>> when >>>>> all of it can be handled through sanitization. >>>>> >>>>> We will remove the network.cookie.lifetimePolicy pref that is >>>>> controlled by the "Delete cookies and site data when Nightly is >>>>> closed" >>>>> <https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox#w_clear-cookies-for-any-website> >>>>> >>>>> option. Starting from Fx102, activating “Delete cookies and site data >>>>> when >>>>> nightly is closed” will trigger the sanitization mechanism, the feature >>>>> that is behind the “Clear history when Nightly closes” >>>>> <https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox#w_how-do-i-make-firefox-clear-my-history-automatically> >>>>> >>>>> option, to perform the same data cleaning as >>>>> network.cookie.lifetimePolicy >>>>> did. >>>>> >>>>> The UI though will not experience any changes, also, the feature of >>>>> being able to declare exceptions to “Delete cookies and site data when >>>>> Nightly is closed” through the “Manage exceptions >>>>> <https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox#w_clear-cookies-for-any-website>” >>>>> >>>>> button will still be taken into account when cleaning on shutdown (Bug >>>>> 1681701 <https://bugzilla.mozilla.org/show_bug.cgi?id=1681701>). >>>>> >>>>> Bug 1681498 <https://bugzilla.mozilla.org/show_bug.cgi?id=1681498> will >>>>> take care of migrating all users of the “Delete cookies and site data >>>>> when >>>>> Nightly is closed" option to matching sanitization prefs. According to >>>>> telemetry >>>>> data <https://sql.telemetry.mozilla.org/queries/85568/source#211908>those >>>>> are around 5.5% of the users on Release and 8% of the Nightly users. >>>>> >>>>> Removing the network.cookie.lifetimePolicy will lead to a cleaner code >>>>> base and a more convenient, more uniform sanitization process. >>>>> >>>> -- >>>> >>> You received this message because you are subscribed to the Google >>>> Groups "[email protected]" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>> To view this discussion on the web visit >>>> https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/6089e716-2f2c-42cd-9c9f-cceab03ec7afn%40mozilla.org >>>> >>>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/6089e716-2f2c-42cd-9c9f-cceab03ec7afn%40mozilla.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/e0a65d3d-374c-46c1-9417-28cfa505cee8n%40mozilla.org.
