On 9/12/2016 2:16 PM, Paul B. Gallagher wrote:
> David E. Ross wrote:
>> On 9/12/2016 10:37 AM, Paul B. Gallagher wrote:
>>> David E. Ross wrote:
>>>
>>>> I had to create a separate SeaMonkey profile for accessing my
>>>> financial accounts at a bank, two credit unions, and Vanguard mutual
>>>> funds. My settings for this profile might give you some idea of what
>>>> you might need to do. Where I say "Normally", that reflects the
>>>> profile where I do most of my Web surfing.
>>>>
>>>> ...
>>>>
>>>> Cookies from 3rd party domains allowed from which there are already
>>>> existing cookies and the file cookies.sqlite is marked "read-write".
>>>> (Normally, I allow cookies only from the requested domain; and I
>>>> mark cookies.sqlite as "read only".)
>>>
>>> I'm very curious about how you made this work. Under normal conditions,
>>> you accept first-party cookies but you prevent SM from updating the
>>> cookies file? How can both be true?
>>>
>>
>> I first set the preference to allow ALL cookies. I then visited the Web
>> sites of the financial institutions. After that, I changed the
>> preference to "Allow third-party cookies for previously visited websites
>> only". In that profile, I always had cookies.sqlite marked
>> "read-write". Only in the profile I use for most of my Web surfing, I
>> marked that file "read only".
>
> But if cookies.sqlite is marked "read-only," how can a site set a
> cookie, even if it's an approved site? I mean, the definition of "set a
> cookie" includes "modify cookies.sqlite," does it not? Confusinger and
> confusinger...
>
> Do bank sites really work with stale cookies from previous visits?
> Sounds like a great way for hackers to impersonate you -- just spoof
> your cookie from a previous session.
>

Two profiles, each with its own file named cookies.sqlite:

(1) Profile for general Web surfing -- The file cookies.sqlite is marked "read only". When a Web server sends a cookie along with the HTML of a Web page, that cookie sits in the browser's (SeaMonkey or Firefox) memory. It does not get written to the on-disc file until either the memory space for cookies is filled or (more likely) the browser is terminated.

(2) Profile for accessing financial accounts -- The file cookies.sqlite is marked "read-write".

As for stale cookies, the cookies in profile #2 above are sent back to the Web server when I request a Web page. The server returns those cookies with updated content. The content might identify my browser and PC. If I blocked cookies in this profile, the Web server would require me to go through several additional steps to log in because the server does not recognize my configuration as belonging to an authentic user. The server might also not use my preferred settings for my account because those settings are in my cookies.

--
Donald Trump claims everyone likes him. Does that include his ex-wives? How about the students who discovered that their education at Trump University was worthless? And how about the contractors, suppliers, and employees he stiffed in his several bankruptcies?

_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
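
An added example, not part of the original thread: a read-only audit of a profile's cookies.sqlite that reports whether the file is write-protected and which stored cookies are still live or already expired. It assumes the `moz_cookies` table with `host`, `name` and `expiry` columns and `expiry` in seconds since the epoch, as in the SeaMonkey/Firefox schema of that period; the function names and sample rows are constructed for illustration.

```python
import os
import sqlite3
import stat
import time
from pathlib import Path

def audit_cookie_store(path, now=None):
    """Return the write-protection state of cookies.sqlite and its live/expired cookies."""
    now = int(time.time()) if now is None else now
    mode = os.stat(path).st_mode
    # "Read only" here means no write bit is set for owner, group or others.
    read_only = not (mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))
    # mode=ro guarantees the audit itself never modifies the file.
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute(
            "SELECT host, name, expiry FROM moz_cookies ORDER BY host, name"
        ).fetchall()
    finally:
        con.close()
    return {
        "read_only": read_only,
        "live": [(h, n) for h, n, exp in rows if exp > now],
        "expired": [(h, n) for h, n, exp in rows if exp <= now],
    }

def build_sample_store(path, now):
    """Create a constructed cookies.sqlite with one live and one expired cookie."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT, value TEXT, expiry INTEGER)")
    con.executemany(
        "INSERT INTO moz_cookies VALUES (?, ?, ?, ?)",
        [("bank.example", "device_id", "constructed", now + 86400),
         ("tracker.example", "uid", "constructed", now - 10)],
    )
    con.commit()
    con.close()

if __name__ == "__main__":
    import tempfile
    sample = os.path.join(tempfile.mkdtemp(), "cookies.sqlite")
    build_sample_store(sample, int(time.time()))
    os.chmod(sample, 0o444)  # mark the file read-only, as in profile (1)
    print(audit_cookie_store(sample))
```

Run it against a copy of the profile's cookies.sqlite taken while the browser is closed, since a running browser may hold the database locked.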