Intent to unship: network.cookie.lifetimePolicy


Hannah Peuckmann

May 2, 2022, 5:37:11 AM
to dev-pl...@mozilla.org

With the release of Fx102 we intend to remove network.cookie.lifetimePolicy on desktop. 

Bug to remove: Bug 1681493 - [meta] Deprecate and remove network.cookie.lifetimePolicy <https://bugzilla.mozilla.org/show_bug.cgi?id=1681493>


For most users, the concept of "session" cookies is very hard to understand and so we try to make it a little more opaque by calling the option "Delete cookies and site data when Nightly is closed". Because this can already be done with sanitization preferences we effectively end up with two different ways in Firefox to clear cookies and site data on exit. The difference between them is almost impossible to understand for anyone who is not a Firefox engineer.

In addition to usability concerns, having "in-memory-only" session cookie lifetime has meant adding ugly hacks and workarounds for most of our storage technologies for a long time now (or simply disabling them in that mode). We had already decided in the past to stop treating "session lifetime" as equivalent to "in-memory" to avoid these issues. At that point there's no real reason to have the concept of session lifetime anymore when all of it can be handled through sanitization.

We will remove the network.cookie.lifetimePolicy pref that is controlled by the "Delete cookies and site data when Nightly is closed" option. Starting from Fx102, activating “Delete cookies and site data when Nightly is closed” will trigger the sanitization mechanism, the feature that is behind the “Clear history when Nightly closes” option, to perform the same data cleaning as network.cookie.lifetimePolicy did.

The UI, though, will not experience any changes. Also, the feature of being able to declare exceptions to “Delete cookies and site data when Nightly is closed” through the “Manage exceptions” button will still be taken into account when cleaning on shutdown (Bug 1681701 <https://bugzilla.mozilla.org/show_bug.cgi?id=1681701>).

Bug 1681498 <https://bugzilla.mozilla.org/show_bug.cgi?id=1681498> will take care of migrating all users of the “Delete cookies and site data when Nightly is closed” option to matching sanitization prefs. According to telemetry data <https://sql.telemetry.mozilla.org/queries/85568/source#211908> those are around 5.5% of the users on Release and 8% of the Nightly users.

Removing the network.cookie.lifetimePolicy will lead to a cleaner code base and a more convenient, more uniform sanitization process.

Chris Peterson

May 3, 2022, 12:55:08 PM
to dev-pl...@mozilla.org
When Firefox restarts to apply a new version update and store the previous session, does that count as "closing Firefox"?

Hannah Peuckmann

Jul 18, 2022, 4:02:38 AM
to dev-pl...@mozilla.org, Hannah Peuckmann
Update:

We postponed our work to Fx103. We granted our patches an additional cycle in Nightly to be on the safe side in regards to bugs. Hence, starting from Fx103, activating “Delete cookies and site data when Nightly is closed” will trigger the sanitization mechanism, the feature that is behind the “Clear history when Nightly closes” option, to perform the same data cleaning as network.cookie.lifetimePolicy did. Starting from Fx104, network.cookie.lifetimePolicy will be removed from the code base entirely.

Tom Ritter

Jul 18, 2022, 10:42:56 AM
to Hannah Peuckmann, dev-pl...@mozilla.org
I'm sorry I missed this email the first time and am now raising questions on it.  How does this relate to disk writes?  Will we now write session cookies to disk (and then sanitize them on shutdown?)  What if we crash, and don't run the sanitization code, will we detect them and sanitize them on startup?

-tom


Hannah Peuckmann

Jul 19, 2022, 12:12:05 PM
to dev-pl...@mozilla.org, Tom Ritter, dev-pl...@mozilla.org, Hannah Peuckmann
The original intent to unship might be a bit misleading in regards to session cookies.
We are not going to remove the concept of a session cookie. We are just not downgrading cookies to session anymore if shutdown cleaning is activated via “clear cookies and site data when Nightly is closed”. With network.cookie.lifetimePolicy activated, cookies were downgraded to session. The sanitizeOnShutdown mechanism does not do this. Network.cookie.lifetimePolicy did not manage session cookies or clean up cookies that reached their expiration date. So, the way session cookies are handled will not be changed. In general, if we crash and could not clean on shutdown we have a mechanism to run the sanitization on startup. I hope this answers your question.



Tom Ritter

Jul 19, 2022, 2:33:03 PM
to Hannah Peuckmann, dev-pl...@mozilla.org, Tom Ritter, Richard Pospesel
The first email referenced in-memory handling of cookies, so (with my Tor hat, not my Mozilla hat) the concern would be that this will cause disk writes.  Tor Browser tries hard to avoid writing anything to disk, especially not information that leaks the browsing history.  If session cookies (or non-session cookies treated as session cookies, or non-session cookies that will be wiped at the end of the session) are being written to disk (either before this change, or after it) it would be something we should make Tor aware of so Tor can determine how to handle the situation.  (Which might be backing out the Mozilla patch in Tor Browser, or asking Mozilla very nicely if they would reconsider.)  I'm going to cc the Tor Browser lead in on the email...

-tom


Nick Alexander

Jul 19, 2022, 2:43:14 PM
to Tom Ritter, Hannah Peuckmann, dev-pl...@mozilla.org, Richard Pospesel
Hello Tor and adjacent friends!

On Tue, Jul 19, 2022 at 11:33 AM Tom Ritter <t...@mozilla.com> wrote:
> The first email referenced in-memory handling of cookies, so (with my Tor hat, not my Mozilla hat) the concern would be that this will cause disk writes.  Tor Browser tries hard to avoid writing anything to disk, especially not information that leaks the browsing history.  If session cookies (or non-session cookies treated as session cookies, or non-session cookies that will be wiped at the end of the session) are being written to disk (either before this change, or after it) it would be something we should make Tor aware of so Tor can determine how to handle the situation.  (Which might be backing out the Mozilla patch in Tor Browser, or asking Mozilla very nicely if they would reconsider.)  I'm going to cc the Tor Browser lead in on the email...

You might be interested in https://bugzilla.mozilla.org/show_bug.cgi?id=1675829, which allows to drop cookies on the floor entirely.  I'm not sure that's appropriate for Tor -- perhaps you want a functioning cookie store that does not persist (at any point, save OS-level paging) -- but it might be valuable.

Best,
Nick

Paul Zühlcke

Jul 20, 2022, 5:13:17 AM
to dev-pl...@mozilla.org, Tom Ritter, dev-pl...@mozilla.org, Richard Pospesel, Hannah Peuckmann
Hi Tom!

Removing the cookie lifetime policy feature does not change how we treat session cookies. Enabling `network.cookie.lifetimePolicy` simply meant that all cookies would be downgraded to session cookies, no matter how they were set. However, the feature didn't avoid disk-writes when it came to other storages.
When the user has clearing on shutdown enabled, now that we've switched over to the sanitize-on-shutdown mechanism, cookies are no longer downgraded, but stored normally (on disk) and cleared on shutdown (or startup if there was a crash).
If you're trying to avoid disk-writes for both cookies & storage I'd suggest using private browsing mode (e.g. via `browser.privatebrowsing.autostart`).

Best Regards,
Paul
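
An added example, not part of any message in this thread and not Mozilla's code: a small audit of a profile's prefs.js that reports which of the states discussed above the profile is in. The value 2 for the legacy pref, the `privacy.sanitize.sanitizeOnShutdown` and `privacy.clearOnShutdown.cookies` pref names, and the latter's default of true are assumptions not stated in the thread; the sample profiles are constructed.

```python
import re

# One prefs.js / user.js entry, e.g. user_pref("network.cookie.lifetimePolicy", 2);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line, typed as bool/int/str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """Return finding codes: where cookies live and whether they are cleared."""
    findings = []
    pbm = prefs.get("browser.privatebrowsing.autostart", False)
    sanitize = prefs.get("privacy.sanitize.sanitizeOnShutdown", False)
    # Assumption: this pref defaults to true, so it is absent unless changed.
    clear_cookies = prefs.get("privacy.clearOnShutdown.cookies", True)
    on_shutdown = sanitize and clear_cookies
    if prefs.get("network.cookie.lifetimePolicy") == 2:  # assumed: 2 = session
        findings.append("legacy-pref")       # removed pref still set in profile
        if not on_shutdown:
            findings.append("not-migrated")  # no sanitize prefs clear cookies
    if pbm:
        findings.append("pbm")               # mode suggested to avoid disk writes
    elif on_shutdown:
        findings.append("disk-then-clear")   # on disk, cleared at shutdown/startup
    return findings

# Constructed sample profiles (not taken from a real installation).
LEGACY = 'user_pref("network.cookie.lifetimePolicy", 2);\n'
MIGRATED = '// constructed\nuser_pref("privacy.sanitize.sanitizeOnShutdown", true);\n'
PBM = 'user_pref("browser.privatebrowsing.autostart", true);\n'

if __name__ == "__main__":
    for label, text in (("legacy", LEGACY), ("migrated", MIGRATED), ("pbm", PBM)):
        print(label, audit(parse_prefs(text)))
```

A profile reporting `disk-then-clear` is the case described in the message above: cookies are written to disk during the session and removed by sanitization afterwards.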


Paul Zühlcke

Jul 20, 2022, 6:12:49 AM
to ric...@torproject.org, dev-pl...@mozilla.org, Tom Ritter, Hannah Peuckmann
Correct, removing the cookie lifetime policy feature does not change PBM behavior.

On Wed, 20 Jul 2022 at 12:10, Richard Pospesel <posp...@riseup.net> wrote:
> Paul: So then the behaviour surrounding disk-writes of cookies and other misc session storage is
> remaining the same in private browsing mode?
>
> best,
> -Richard

