hello, private browsing mode saves site data of the current session like cookies in RAM - they do not get stored on disk...

ohh I see.. thank you very much..

is there any way to see the content directly to the memory, so I can prove it? maybe from programming code or not? I mean not from developer tools.

hmm what happen if memory get full, the data will stored on disk? or just crash?

thanks in advance

according to https://wiki.mozilla.org/Private_Browsing#Persistent_Storage the implementation can't protect against memory content that the OS might put into a page file.

sorry, i don't have any clue about inspecting particular contents of your RAM - this doesn't sound like a straightforward simple task judging on a quick web search...

alright.. I begin understanding what's your point..

for last, I don't know if mozilla let user know to access their value on memory for see cookies on private mode..

There is the OS swap file to page data to the hard drive when you run out of free physical memory (virtual memory). That is the only time that this data might be getting stored on the hard drive. Only developer tools (Storage Inspector or using the command line document.cookie) can show cookies.

I get it there is some OS do it and only dev tools can show the cookies. -If it stored on hard drive after swap from memory, the data will be temporary or permanent on disk?

-what OS do swap? Mac, linux or windows?

-and one more question after I learn more about cookies. I found that even in non private mode, browser store the cookies at sqlite(disk) but some of them only just in memory. Who responsible to choose that cookies is stored at disk or memory? for example cookies __cfduid. I found that, some of them are permanent on disk, but another just temporary only on memory even from same website. (edit post) for some additional information, both the cookies that stored permanently and cookies that stored temporary have expired date on next year, so I assume that there is cookies stored on memory even in non private mode

All operating systems can swap data to disk. The purpose of virtual memory is to extend your installed physical memory with memory stored on the hard drive to be able to run more applications at the same time. Linux has a special swap partition.

There are two kinds of cookies, session cookies that expire when you close Firefox and persistent cookies that have their own expiration date as specified when they are created. This expiration date can be a short time span (minutes, hours) or longer (days, years). You can create a full cookie allow exception and an allow for session exception (Manage Permissions). Note that even session cookies can be swapped temporarily to the hard drive when you open a Private Browsing mode window that has its own separate in-memory cookie jar.

cor-el said

All operating systems can swap data to disk. The purpose of virtual memory is to extend your installed physical memory with memory stored on the hard drive to be able to run more applications at the same time. Linux has a special swap partition. There are two kinds of cookies, session cookies that expire when you close Firefox and persistent cookies that have their own expiration date as specified when they are created. This expiration date can be a short time span (minutes, hours) or longer (days, years). You can create a full cookie allow exception and an allow for session exception (Manage Permissions).

At above, I already understand about this, thank you very much.

cor-el said

Note that even session cookies can be swapped temporarily to the hard drive when you open a Private Browsing mode window that has its own separate in-memory cookie jar.

from above, terms "in-memory cookie jar" means on RAM right?

To clear out about my question, I'll give you two sample cookies. 1. Cookies stored on sqlite when I entered for first time of some website and not never cookies stored before. Below is the request and response header: Request:

Host: www.<somewebsite>.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1

Response:

HTTP/2.0 200 OK date: Thu, 11 Jul 2019 11:48:39 GMT content-type: text/html; charset=utf-8 set-cookie: __cfduid=dfd1c5fc6d89dcfe544494ec37c71f742156284571; expires=Fri, 10-Jul-20 11:48:39 GMT; path=/; domain=.<somewebsite>.com; HttpOnly vary: Accept-Encoding x-frame-options: SAMEORIGIN set-cookie: ID=jo1brcukgr8ca0o5chinnpiikunkcaoheoha8v9vpkotfl0k5r; path=/; domain=.<somewebsite>.com; secure; HttpOnly expires: Thu, 11 Jul 2019 12:18:39 GMT last-modified: Thu, 11 Jul 2019 11:48:39 GMT pragma: cache cache-control: max-age=1800 expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 4f4a8cb01c36321-SIN content-encoding: br X-Firefox-Spdy: h2

and from this, I found that __cfduid=dfd1c5fc6d89dcfe544494ec37c71f742156284571 is stored on cookies.sqlite

2. Cookies not stored on sqlite after I enter the website and have cookies cfduid that stored on sqlite like above, I just go to another page on the same website, and this is happen. Request:

Host: ap.<sameweb>.com User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.<sameweb>.com/ Origin: https://www.<sameweb>.com DNT: 1 Connection: keep-alive

Response:

HTTP/2.0 200 OK date: Thu, 11 Jul 2019 12:04:45 GMT content-type: application/json; charset=utf-8 set-cookie: __cfduid=d27d7b38daf1ce6f0c7f9584680e3c4b6156284668; expires=Fri, 10-Jul-20 12:04:45 GMT; path=/; domain=.<sameweb>.com; HttpOnly vary: Accept-Encoding x-fr24-cache: partial x-powered-by: AB access-control-allow-origin: * access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept x-cache: MISS expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 4f4aa445baf9cbd-SIN content-encoding: br X-Firefox-Spdy: h2

from this 2nd cookies of cfduid, after I checked, it is never stored on sqlite. But 1st cookies of cfduid still on sqlite.

why this is happen? Is firefox or other browser choose what cookies need to be stored? or just from server of the web is the one who responsible to choose to stored on disk or not?

Both cookies, 1st and 2nd have expired on year 2020, so it means "persistent cookies", right?

Note: this web is accessed from non private mode, so both of cookies is belong on non private mode.

thanks in advance.. I'm still learning more about cookies.. ^^