Correct, removing the cookie lifetime policy feature does not change PBM behavior.
On Wed, 20 Jul 2022 at 12:10, Richard Pospesel <[email protected]> wrote:

> Paul: So then the behaviour surrounding disk-writes of cookies and other misc session storage is remaining the same in private browsing mode?
>
> best,
> -Richard
>
> On 7/20/22 09:13, Paul Zühlcke wrote:
> > Hi Tom!
> >
> > Removing the cookie lifetime policy feature does not change how we treat session cookies. Enabling `network.cookie.lifetimePolicy` simply meant that all cookies would be downgraded to session cookies, no matter how they were set. However, the feature didn't avoid disk-writes when it came to other storages <https://searchfox.org/mozilla-central/rev/34289456cccd8bcacd5e8665102cca7543b35213/browser/modules/Sanitizer.jsm#856-862>.
> > When the user has clearing on shutdown enabled, now that we've switched over to the sanitize-on-shutdown mechanism, cookies are no longer downgraded, but stored normally (on disk) and cleared on shutdown (or startup if there was a crash).
> > If you're trying to avoid disk-writes for both cookies & storage I'd suggest using private browsing mode (e.g. via `browser.privatebrowsing.autostart`).
> >
> > Best Regards,
> > Paul
> >
> > On Tuesday, 19 July 2022 at 20:33:03 UTC+2 Tom Ritter wrote:
> >
> >     The first email referenced in-memory handling of cookies, so (with my Tor hat, not my Mozilla hat) the concern would be that this will cause disk writes. Tor Browser tries hard to avoid writing anything to disk, especially not information that leaks the browsing history. If session cookies (or non-session cookies treated as session cookies, or non-session cookies that will be wiped at the end of the session) are being written to disk (either before this change, or after it) it would be something we should make Tor aware of so Tor can determine how to handle the situation. (Which might be backing out the Mozilla patch in Tor Browser, or asking Mozilla very nicely if they would reconsider.) I'm going to cc the Tor Browser lead in on the email...
> >
> >     -tom
> >
> >     On Tue, Jul 19, 2022 at 12:12 PM Hannah Peuckmann <[email protected]> wrote:
> >
> >         The original intent to unship might be a bit misleading in regards to session cookies. We are not going to remove the concept of a session cookie. We are just not downgrading cookies to session anymore if shutdown cleaning is activated via “clear cookies and site data when Nightly is closed”. With network.cookie.lifetimePolicy activated, cookies were downgraded to session. The sanitizeOnShutdown mechanism does not do this. Network.cookie.lifetimePolicy did not manage session cookies or clean up cookies that reached their expiration date. So, the way session cookies are handled will not be changed. In general, if we crash and could not clean on shutdown we have a mechanism to run the sanitization on startup. I hope this answers your question.
> >
> >         On Monday, July 18, 2022 at 4:42:56 PM UTC+2 Tom Ritter wrote:
> >
> >             I'm sorry I missed this email the first time and am now raising questions on it. How does this relate to disk writes? Will we now write session cookies to disk (and then sanitize them on shutdown?) What if we crash, and don't run the sanitization code, will we detect them and sanitize them on startup?
> >
> >             -tom
> >
> >             On Mon, Jul 18, 2022 at 4:02 AM Hannah Peuckmann <[email protected]> wrote:
> >
> >                 Update:
> >
> >                 We postponed our work to Fx103. We granted our patches an additional cycle in Nightly to be on the safe side in regards to bugs. Hence, starting from Fx103, activating “Delete cookies and site data when nightly is closed” will trigger the sanitization mechanism, the feature that is behind the “Clear history when Nightly closes” <https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox#w_how-do-i-make-firefox-clear-my-history-automatically> option, to perform the same data cleaning as network.cookie.lifetimePolicy did. Starting from Fx104, network.cookie.lifetimePolicy will be removed from the code base entirely.
> >
> >                 On Monday, May 2, 2022 at 11:37:11 AM UTC+2 Hannah Peuckmann wrote:
> >
> >                     With the release of Fx102 we intend to remove network.cookie.lifetimePolicy on desktop.
> >
> >                     Bug to remove: Bug 1681493 - [meta] Deprecate and remove network.cookie.lifetimePolicy <https://bugzilla.mozilla.org/show_bug.cgi?id=1681493>
> >
> >                     For most users, the concept of "session" cookies is very hard to understand and so we try to make it a little more opaque by calling the option "Delete cookies and site data when Nightly is closed". Because this can already be done with sanitization preferences we effectively end up with two different ways in Firefox to clear cookies and site data on exit. The difference between them is almost impossible to understand for anyone who is not a Firefox engineer.
> >
> >                     In addition to usability concerns, having "in-memory-only" session cookie lifetime has meant adding ugly hacks and workarounds for most of our storage technologies for a long time now (or simply disabling them in that mode). We had already decided in the past to stop treating "session lifetime" as equivalent to "in-memory" to avoid these issues. At that point there's no real reason to have the concept of session lifetime anymore when all of it can be handled through sanitization.
> >
> >                     We will remove the network.cookie.lifetimePolicy pref that is controlled by the "Delete cookies and site data when Nightly is closed" <https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox#w_clear-cookies-for-any-website> option. Starting from Fx102, activating “Delete cookies and site data when nightly is closed” will trigger the sanitization mechanism, the feature that is behind the “Clear history when Nightly closes” <https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox#w_how-do-i-make-firefox-clear-my-history-automatically> option, to perform the same data cleaning as network.cookie.lifetimePolicy did.
> >
> >                     The UI though will not experience any changes, also, the feature of being able to declare exceptions to “Delete cookies and site data when Nightly is closed” through the “Manage exceptions <https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox#w_clear-cookies-for-any-website>” button will still be taken into account when cleaning on shutdown (Bug 1681701 <https://bugzilla.mozilla.org/show_bug.cgi?id=1681701>).
> >
> >                     Bug 1681498 <https://bugzilla.mozilla.org/show_bug.cgi?id=1681498> will take care of migrating all users of the “Delete cookies and site data when Nightly is closed" option to matching sanitization prefs. According to telemetry data <https://sql.telemetry.mozilla.org/queries/85568/source#211908> those are around 5.5% of the users on Release and 8% of the Nightly users.
> >
> >                     Removing the network.cookie.lifetimePolicy will lead to a cleaner code base and a more convenient, more uniform sanitization process.
> >
> >                 --
> >                 You received this message because you are subscribed to the Google Groups "[email protected]" group.
> >                 To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> >                 To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/6089e716-2f2c-42cd-9c9f-cceab03ec7afn%40mozilla.org.
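
The three cookie storage behaviours discussed in this thread can be checked against a profile's `prefs.js` or `user.js`. The following is an added example, not code from Mozilla or from any participant: the function names are hypothetical, the sample profiles are constructed, and the `privacy.sanitize.sanitizeOnShutdown` and `privacy.clearOnShutdown.cookies` pref names are assumed to be the sanitization prefs of Firefox releases from the period of the thread.

```python
import re

# Matches lines such as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Parse prefs.js/user.js text into {name: bool | int | str}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def cookie_disk_posture(prefs):
    """Return (posture, notes) following the behaviour described in the thread."""
    notes = []
    # Value 2 was the "session only" setting; the pref is removed from Fx104.
    if prefs.get("network.cookie.lifetimePolicy") == 2:
        notes.append("network.cookie.lifetimePolicy=2 is set, but the pref is "
                     "removed from Fx104 and cookies are no longer downgraded")
    # Private browsing is the option suggested in the thread to avoid disk writes.
    if prefs.get("browser.privatebrowsing.autostart") is True:
        return "private-browsing", notes
    # Sanitize-on-shutdown: stored on disk, cleared at shutdown or next startup.
    if (prefs.get("privacy.sanitize.sanitizeOnShutdown") is True
            and prefs.get("privacy.clearOnShutdown.cookies") is True):
        return "on-disk-cleared-at-shutdown", notes
    return "on-disk-persistent", notes

# Constructed sample profiles (not taken from the thread).
LEGACY = 'user_pref("network.cookie.lifetimePolicy", 2);\n'
SANITIZE = ('// constructed sample\n'
            'user_pref("privacy.sanitize.sanitizeOnShutdown", true);\n'
            'user_pref("privacy.clearOnShutdown.cookies", true);\n')
PBM = LEGACY + 'user_pref("browser.privatebrowsing.autostart", true);\n'

if __name__ == "__main__":
    for label, text in (("legacy", LEGACY), ("sanitize", SANITIZE), ("pbm", PBM)):
        print(label, cookie_disk_posture(parse_prefs(text)))
```

A profile that relied only on the removed pref is reported as `on-disk-persistent` with a note, which is the case a disk-avoiding deployment would want to catch after upgrading.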
