Intent to unship: network.cookie.lifetimePolicy

Skip to first unread message

Hannah Peuckmann

May 2, 2022, 5:11:16 AM5/2/22

With the release of Fx102 we intend to remove network.cookie.lifetimePolicy on desktop. 

Bug to remove: Bug 1681493 - [meta] Deprecate and remove network.cookie.lifetimePolicy

For most users, the concept of "session" cookies is very hard to understand and so we try to make it a little more opaque by calling the option "Delete cookies and site data when Nightly is closed". Because this can already be done with sanitization preferences we effectively end up with two different ways in Firefox to clear cookies and site data on exit. The difference between them is almost impossible to understand for anyone who is not a Firefox engineer.

In addition to usability concerns, having "in-memory-only" session cookie lifetime has meant adding ugly hacks and workarounds for most of our storage technologies for a long time now (or simply disabling them in that mode). We had already decided in the past to stop treating "session lifetime" as equivalent to "in-memory" to avoid these issues. At that point there's no real reason to have the concept of session lifetime anymore when all of it can be handled through sanitization.

We will remove the network.cookie.lifetimePolicy pref that is controlled by the  "Delete cookies and site data when Nightly is closed" option. Starting from Fx102, activating “Delete cookies and site data when nightly is closed” will trigger the sanitization mechanism, the feature that is behind the “Clear history when Nightly closes” option, to perform the same data cleaning as network.cookie.lifetimePolicy did.

The UI though will not experience any changes, also, the feature of being able to declare exceptions to “Delete cookies and site data when Nightly is closed” through the “Manage exceptions” button will still be taken into account when cleaning on shutdown (Bug 1681701).

Bug 1681498  will take care of migrating all users of the “Delete cookies and site data when Nightly is closed" option to matching sanitization prefs. According to telemetry data those are around 5.5% of the users on Release and 8%  of the Nightly users. 

Removing the network.cookie.lifetimePolicy will lead to a cleaner code base and a more convenient, more uniform sanitization process.

Reply all
Reply to author
0 new messages