Cookie-AutoDelete: [BUG] Some cookies appear to be stuck / CAD says it was deleted when it is not (FF 86+ Strict Mode / cross-site protection / dynamic first party isolation / total cookie protection)

Describe the bug

It appears as if under certain conditions CAD was not able to remove eligible cookies on Firefox, even though it tries. Even though it appears consistently in my browser profile I found it difficult to exactly reproduce it in a new browser profile. Cookies got stuck there too, but not the same.

To Reproduce

Steps to reproduce the behavior:

  1. Go to a Google site (google.com, youtube.com). Had it with Wikimedia cookies however too.
  2. Make sure you got cookies set.
  3. Close the tab.
  4. CAD should now attempt to clear the cookies in question.

Expected behavior

All eligible cookies should get removed.

Screenshots

Three attempts over four seconds


That screenshot should hopefully clearly show that CAD does determine these cookies as eligible for removal, but still fails to remove them.

Your System Info

  • OS: Windows 8.1
  • Browser Info: Firefox 80
  • CookieAutoDelete Version: 3.4.0

Additional context

To be fair, it could be that it is a general Firefox issue. With https://addons.mozilla.org/firefox/addon/cookie-quick-manager/ I don’t seem to be able to delete the cookies selectively either, I need to use Firefox’s own built-in cookie manager.

The cookies on “accounts.youtube.com” are called CheckConnectionTempCookie. Are there any known issues in this area?

About this issue

  • State: open
  • Created 4 years ago
  • Reactions: 11
  • Comments: 67 (29 by maintainers)

Most upvoted comments

An update from https://bugzilla.mozilla.org/show_bug.cgi?id=1669716 reveals that a patch to the extension API for ‘partitionKey’ (needed for cross-site protection buckets) is added for milestone Firefox 94. Once this is available on Dev channel, I’ll plan some time to look into getting it working again. I can’t guarantee that I’ll have it ready before Firefox 94 is released.

FF94 landed as the main release this week and after updating I’m running into this issue where CAD does not want to actually delete anything.
Has there been any progress with this issue with regards to FPI and custom (3rd party) blocking? @kennethtran93

The existing FPI (third party/cross-site tracking) option should still work. I’m working on the dynamic version (cross-site cookies). In the process of adding more info to the cookies so that you can select which partitioned cookie to keep/erase.

Just a heads up to all - it looks like since Firefox 94, the new dynamic partition / cross-site cookie / strict mode will not return any dynamically partitioned cookies through getAll without an additional attribute, so those cookies will still exist for the time being (CAD currently doesn’t know that it exists because the browsers aren’t returning them). Previously, they were being returned but couldn’t be deleted in any way (thus the constant similar cleanup logs).

On the bright side, the dynamic partition / strict mode / cross-site cookies should currently contain all third-party cookies to their specific first party sites, so many third-party sites should not easily know if you visited another site with their third-party cookies.

Hey there.

For me, this problem has gone away from v94 (I’m currently on version 94.0.1x64, on Win10). I do not recall having changed any settings, one day it just went from “~598 cookies not deleted”, to always deleting everything; the only difference I noticed was the new-Firefox tab thing.

@kennethtran93 The Firefox docs have been updated which should hopefully enable you to fix this: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies#storage_partitioning

Most notably:

By default, cookies.get(), cookies.getAll(), cookies.set(), and cookies.remove() work with cookies in unpartitioned storage. To work with cookies in partitioned storage in these APIs, topLevelSite in partitionKey must be set. The exception is getAll where setting partitionKey without topLevelSite returned cookies in partitioned and unpartitioned storage.
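The storage-partitioning rule quoted above, as an added example that is not part of the original thread or of Cookie-AutoDelete's code: cleanup enumerates with `partitionKey: {}` and hands each cookie's `topLevelSite` back to `cookies.remove()`. The helper names, the in-memory mock of `browser.cookies` and the sample cookies are constructed for illustration, and `https://example.org` is a placeholder top-level site.

```javascript
// Added example; helper and mock names are hypothetical, not Cookie-AutoDelete code.
const site = (x) => (x.partitionKey && x.partitionKey.topLevelSite) || "";
const host = (c) => c.domain.replace(/^\./, "");
// Build the details object cookies.remove() needs for one Cookie object.
function removalDetails(cookie) {
  const scheme = cookie.secure ? "https" : "http";
  const details = { url: `${scheme}://${host(cookie)}${cookie.path}`, name: cookie.name, storeId: cookie.storeId };
  // Without topLevelSite, remove() only looks in unpartitioned storage.
  if (site(cookie)) details.partitionKey = { topLevelSite: site(cookie) };
  return details;
}

// Remove every cookie, partitioned or not; resolves to the number removed.
async function removeAllCookies(api) {
  // partitionKey: {} makes getAll return partitioned AND unpartitioned cookies.
  const cookies = await api.getAll({ partitionKey: {} });
  let removed = 0;
  for (const c of cookies) {
    if (await api.remove(removalDetails(c))) removed += 1;
  }
  return removed;
}

// Constructed stand-in for browser.cookies that models only the partitioning
// rules quoted above, so the example runs outside a browser.
function makeMockCookiesApi(jar) {
  return {
    jar,
    async getAll(d) {
      if (!d.partitionKey) return jar.filter((c) => !site(c));
      return jar.filter((c) => !site(d) || site(c) === site(d));
    },
    async remove(d) {
      const i = jar.findIndex((c) => c.name === d.name &&
        site(c) === site(d) && new URL(d.url).hostname === host(c));
      if (i < 0) return null;
      jar.splice(i, 1);
      return d;
    },
  };
}

// Constructed sample cookies; https://example.org is a placeholder top-level site.
const sampleJar = () => [
  { name: "CheckConnectionTempCookie", domain: "accounts.youtube.com", path: "/", secure: true, storeId: "firefox-default", partitionKey: { topLevelSite: "https://example.org" } },
  { name: "session", domain: ".example.org", path: "/", secure: true, storeId: "firefox-default" },
];
removeAllCookies(makeMockCookiesApi(sampleJar())).then((n) => console.log("removed", n));
```

In a real extension `api` would be `browser.cookies`, and this path depends on the `partitionKey` support that the thread says was added for Firefox 94.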

The commit has landed in mozilla-central so should be in the next Nightly. The API is documented here.

@kennethtran93

Just to confirm, Strict Mode “Cross-site Cookies” (dFPI) gave me issues (cookies not being removed on cleanup), I switched to Custom Mode w/ “Cross-site tracking cookies” a while ago and have not had a problem since.

I guess someone is pushing on bugzilla, what attention is mozilla paying? Any hope of being able to see this fixed in the short-medium term?

I view the current state of dFPI with concern, especially with this other bug.

@kennethtran93 If possible would you mind giving an update about this issue? Because every day this addon becomes more useless, which sucks because the addon itself is great.

‘Total cookie protection’ (i.e. dfpi) is now rolling out by default, so this issue might begin affecting more users over the coming weeks/months.

https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/

CAD wasn’t logging any automatic deletions yesterday (probably since earlier but only noticed it yesterday) and when looking at the storage through about:preferences#privacy > Manage Data... it confirmed nothing was being deleted. Then I found this issue and after reading through it (specifically comment 838437838) I fiddled with FF’s cookie settings a bit and doing manual cleanups but it didn’t help. Since I, likely, wrongly assumed my problem was related to this issue (due to your comment at 930830620 specifically mentioning 94 and me just having updated to 94) I figured I’d wait for your reply and reverted to my original settings, but today, after restarting Firefox, it seems to behave (mostly) normally again. Not sure what was going on earlier.

Just changing the privacy setting doesn’t affect any existing cookies that were set with previous configurations. That only applies to newly created cookies and/or newly visited sites. And sometimes, a ‘turn off and on again’ would do the trick.

Only problem I see today is that, for some domains, the logger says it deleted “0 Cookie(s)” while it actually does delete everything, according to the Manage Data... dialog.

The ‘delete 0 cookies’ usually means that other site data is cleaned up. If you expand the clean up history log (if you enabled it), it would tell you that other browsing data types are being cleaned (even if there are none). This is because, unlike cookies, we cannot search through all the other browsing data types, so we manually set a cookie on the sites you visit so that there’s at least one cookie in there that allows us to know the domain to trigger cleanup for. The notification and logs will not account for the cookie that this webextension has set.

Just reporting in: I’m running custom mode with everything turned on and it’s given me no troubles until today. I had a lot of trouble with being half-logged-in to amazon prime video, suspected cookie issues, ran a clean, no fix, took me some time and eventually I manually cleaned the cookies from firefox’s settings and everything came good. I can only conclude that the cleanup of cookies from the addon, didn’t actually remove the cookies.

If the Cross-site cookies option is the one causing issues, why does the same exact issue appear on both of my PCs, for like 1 month now? I was using the add-on with containers (strict mode) for years without a single problem. I tried Standard mode, Custom mode with whatever options (even with none of the protection options ticked) and ~200 cookies just can’t be deleted, whatever I do. I read that we have to wait for the issue to be fixed, was just curious why Standard mode and no protection at all don’t work as a current bugfix for me (on 2 PCs).

They’ve adjusted the cookie protection in strict mode to cross-site protection in 86+. This probably started setting newer and recently updated cookies to use an internal cookie value that we do not have access to.

This is just my guess, but removal of cookies with cross-site protection requires that internal value that is not provided to us. Changes to the protection would most likely only affect future cookies and not touch any existing ones. This applies both ways, so cookies created while its behavior is cross-site protection will be ignored and newly created cookies using non-cross-site protection (can use cross-site tracking protection) should be removable by webextensions.

Came in to report that I’m experiencing the same issue on 86.0.1. What tipped me off is that the number of “deleted” cookies in the popup kept growing and I was seeing the same cookies over and over.

For what it’s worth, I am on 87.0b3 on Windows desktop. With privacy.firstparty.isolate both enabled and disabled, there are many cookies that are not getting deleted. Including account.google.com I have highlighted a couple.