Cookie management

I think a whitelist/ blacklist mechanism should have a pretty small impact on generally, the crucial point is probably the graphical interface which could be simple or more advanced.

It might be worth a thought whether adding this to the new Cookie Manager extension makes sense, a new extension (combined with advertisement blocking?) or partly core, more advanced features in an extension.

kalikiana

I think it would be pretty useless to add an cookie management GUI to the core because most people just don't care about cookies. A system like in Konqueror would suck. It asks on every new browsed website if you'd like to accept those cookies. A simple whitelist, maybe only in a textfile would be enough

wosee

Well, either nobody cares or we want some proper way to work with cookies. I have heard from a number of users in IRC and private conversations how much they like the Cookie Manager even though it's only a cuple of days old. So I tend to think people do care.

If Midori supports a whitelist it must either be a common standard which users know about and frontends exist for OR Midori should have some kind of interface, however minimal it may be. There is no sense in implementing a feature with the assumption that only you and me will use it =)

kalikiana

I'm not sure whether such a feature really fits into the Cookie Manager extension. At least my initial intention in writing it was to list and view existent cookies. Adding some interface for managing security policies like whether what cookies to deny/accept/confirm is IMO a bit out of scope of the extension.

Suggestion:
add a little button in Midori's preferences dialog next to the existent cookie settings which opens a dialog with a text field to add URLs to a whitelist or blacklist or both. This would be small and still good enough to be easy to use, I think.

Or should we add exactly this to the Cookie Manager extension?

eth16

I didn't quite get that, I don't know that cookie manager extension. However, if people do care about cookies there should be a possibility to accept/deny cookies. I assumed that people don't care because most people even don't know that websites store cookies on their computers and many browsers do not offer a way to create a whitelist for cookies. Do you have a whitelist for cookies you'd like to accept in other browsers (e.g. in Firefox?)

kosee

To fill the cookie blacklist/whitelist when it will be created, I would like a dialog to pop-up when a website tries to set a cookie, asking me if I want to store, reject or keep for the session the cookies from this site.
Of course this has to be an extension/option.

calimero

I think this feature is MUST for browser. The best way to do this I have ever seen have Galeon browser. I think it can be inspiration :)

Lukyn

So what's the status?

wosee

No progress at the moment I'm afraid.

kalikiana

I really like midori, but I'm not sure I can give up the cookie rules that galeon offers. They're far from perfect, but they are the best I have found. I have them set to:

1. Always accept any session cookie
2. For non-session cookies, ask me (and remember what I say)

WIthout those rules, I either have to accept all cookies, and be tracked across the web, or accept all cookies but manually clean them up regularly, or only accept session cookies and have to log back into all my favorite sites at least once a day. None of those are appealing.

I would be willing to try writing an extension, but haven't seen any documentation about how midori extensions work.

peakhope

I think for something like "Ask whether to accept non-session cookies" we'll need direct support in the core. Why? Because SoupCookieJar emits a "changed" signal for any cookie changes and it is not possible to prevent the core from saving or not saving selectively. So an extension would have to reimplement part, maybe most of this, which isn't quite attractive.

I take privacy very seriously, so for what I want, an additional choice in the combo box doing exactly what you explained would be fine. Remembering the answer of "Save this cookie" could go into a whitelist or blacklist. Maybe storing the lists can go into an extension, maybe not, I'd say that's a detail we can discuss once the "Ask... non-session cookies" option works.

Kevin, if you are up to it, I will be happy to answer any questions about how the current code works.

kalikiana

I really like midori, but I'm not sure I can give up the cookie rules that galeon offers. They're far from perfect, but they are the best I have found. I have them set to:

1. Always accept any session cookie
2. For non-session cookies, ask me (and remember what I say)

WIthout those rules, I either have to accept all cookies, and be tracked across the web, or accept all cookies but manually clean them up regularly, or only accept session cookies and have to log back into all my favorite sites at least once a day. None of those are appealing.

I would be willing to try writing an extension, but haven't seen any documentation about how midori extensions work.

peakhope

I haven't touched C in many years (and told myself I wouldn't), but I may give it a shot. I'm a ruby guy now, or Java when necessary.

I'm writing this partly to remind myself later, and partly to give a hint to anyone else who might get to it before me: It looks like I'll just have to add another "else if" to cookie_jar_changed_cb in katze/katze-http-cookies.c that will bring up a simple modal dialog with a couple buttons. I'll use midori_search_action_get_dialog from midori/midor-searchaction.c as a pattern for building a dialog in GTK (since I couldn't find a simpler dialog to pattern after).

peakhope

I would just like to add a vote for a feature like this. I specifically registered for Flyspray just to say this.

Even an option to be asked about every cookie would be an okay start. I simply can't use Midori as my main browser because I insist on turning cookies off completely.

pogeymanz

I'd like to add my vote and .2$: I think the cookie handling in Firefox is a good trade-off betwenn features and usability. So my proposal would be the following options:

[ ] Accept cookies
[ ] only from sites I visit
[ ] session cookies only
and keep them
[ ] forever
[ ] until I close the tab/browser window [Exceptions]

This way, we should be able to configure most of the desired behaviour.

kwurzel

A white and black list is fine for me :P and if people don't care about cookies is not my problem.

fbarrigar

Hi, I wrote a plug-in for a whitelist-feature:
https://bugs.launchpad.net/midori/+bug/836729

The maintenace is now gone, and that version is too old.
https://tracker.debian.org/pkg/midori