Cookie lifetimes not enforced
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Midori Web Browser |
Fix Released
|
High
|
Cris Dywan |
Bug Description
I want Midori to only keep cookies from a couple sites that I know in advance, to protect my privacy.
It was suggested that I set the cookie lifetime in preferences to 1 hour so that cookies from advertisers etc. would not persist between visits to sites, so I set that in preferences. Despite setting cookie lifetime to 1 hour, existing cookies from advertisers etc. were not deleted after several hours and several browser restarts (more than an hour apart).
It might be that cookies can be "grandfathered in" past the lifetime set in preferences. However, I think we might need to reconsider cookie handling in general. Most users want to stay logged into their favorite sites long-term but don't want to be tracked by advertisers long-term, and this seems like it requires a whitelist approach to cookie handling.
Related branches
- André Stösel: Approve
-
Diff: 61 lines (+30/-17)1 file modifiedmidori/midori-session.c (+30/-17)
Changed in midori: | |
status: | New → Confirmed |
milestone: | none → 0.5.5 |
Changed in midori: | |
assignee: | nobody → Christian Dywan (kalikiana) |
Changed in midori: | |
status: | Confirmed → Fix Committed |
Changed in midori: | |
status: | Fix Committed → Fix Released |
I'm thinking that we should drop our KatzeHttpCookie s(Sqlite) and move to using SoupCookieJarSqlite with a changed callback to enforce policy. With WebKit2 we'll not use libSoup directly and this is the only approach available. We require 2.27.90 these days so that is feasible. It would also reduce code in core, and we can leave any non-trivial features to the extension.