X
Tap here to go to the mobile version of the site.

Support Forum

Firefox 65: Can't stay logged in after firefox restarts

Posted

I routinely block all cookies and only allow those in my exception list. After upgrading firefox to 65, the exception list seems to regard "allow" as "allow for session". The observable effect is that I can't stay logged in for any website after restarting firefox. This has been tested on Google and other websites. Disabling all addons and deleting cookie files in the profile folder couldn't solve the problem either.

I also tested it on a new profile which actually worked well. How should I 'manually upgrade' my profile so it can still stay logged in after firefox restarts please? Btw, I'm using Ubuntu 18 LTS.

I routinely block all cookies and only allow those in my exception list. After upgrading firefox to 65, the exception list seems to regard "allow" as "allow for session". The observable effect is that I can't stay logged in for any website after restarting firefox. This has been tested on Google and other websites. Disabling all addons and deleting cookie files in the profile folder couldn't solve the problem either. I also tested it on a new profile which actually worked well. How should I 'manually upgrade' my profile so it can still stay logged in after firefox restarts please? Btw, I'm using Ubuntu 18 LTS.

Chosen solution

hi af32vxl, currently we're aware of a regression in firefox 65, where in case you have set a particular cookie permission for a subdomain (like https://site.example.com), this will override any permission like "allow" you might have set for the top level domain (https://example.com). is this the case in your setup for sites where you don't stay logged in across sessions as well?

Read this answer in context 1
Quote

Additional System Details

Application

  • User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0

More Information

philipp
  • Top 25 Contributor
  • Moderator
5251 solutions 23225 answers

Chosen Solution

hi af32vxl, currently we're aware of a regression in firefox 65, where in case you have set a particular cookie permission for a subdomain (like https://site.example.com), this will override any permission like "allow" you might have set for the top level domain (https://example.com). is this the case in your setup for sites where you don't stay logged in across sessions as well?

hi af32vxl, currently we're aware of a regression in firefox 65, where in case you have set a particular cookie permission for a subdomain (like https://site.example.com), this will override any permission like "allow" you might have set for the top level domain (https://example.com). is this the case in your setup for sites where you don't stay logged in across sessions as well?
Was this helpful to you? 1
Quote

Question owner

Hmm. Not totally sure if that's the reason. Say, does it prevent google to stay logged in?

Based on your explanation, it's hard to tell exactly how the regression works when websites have a central subdomain for authentication (e.g. accounts.google.com). Although other subdomains should look for cookies from accounts.google.com, these cookies are set by accounts.google.com. So, as long as accounts.google.com has "allow" permission, other subdomains with "allow for session" should also work, right?

Hmm. Not totally sure if that's the reason. Say, does it prevent google to stay logged in? Based on your explanation, it's hard to tell exactly how the regression works when websites have a central subdomain for authentication (e.g. accounts.google.com). Although other subdomains should look for cookies from accounts.google.com, these cookies are set by accounts.google.com. So, as long as accounts.google.com has "allow" permission, other subdomains with "allow for session" should also work, right?
Was this helpful to you?
Quote
philipp
  • Top 25 Contributor
  • Moderator
5251 solutions 23225 answers

not entirely sure. in order to try to replicate your setup could you tell exactly, what kind of cookie permissions you have set for all *.google.com domains?

not entirely sure. in order to try to replicate your setup could you tell exactly, what kind of cookie permissions you have set for all *.google.com domains?
Was this helpful to you? 0
Quote

Question owner

I managed to reproduce the problem on a new profile. The regression seems to be the cause and is more severe than I expected.

First add accounts.google.com, drive.google.com, and www.google.com as allow cookies. The login remains after restarts. Then add another hypothetical subdomain, say do-not-exist.google.com as allow for session. The login can no longer be maintained after restart.

The bug is solved in the nightly build.

Do you have suggestions on the possible solutions, and their pros & cons?

I managed to reproduce the problem on a new profile. The regression seems to be the cause and is more severe than I expected. First add accounts.google.com, drive.google.com, and www.google.com as allow cookies. The login remains after restarts. Then add another hypothetical subdomain, say do-not-exist.google.com as allow for session. The login can no longer be maintained after restart. The bug is solved in the nightly build. Do you have suggestions on the possible solutions, and their pros & cons?
Was this helpful to you?
Quote
philipp
  • Top 25 Contributor
  • Moderator
5251 solutions 23225 answers

Helpful Reply

thanks for checking that nightly fixes the problem - it received a patch for it yesterday. it's looking likely that that fix will also be uplifted to 66.0b in the coming days but doubtful if it would still end up on a dot release version of 65.0.

at the moment i see no other solution on release than tweaking the permissions and removing any "blocked" or "allow for session only" for google subdomains to work around that problem on release unfortunately.

thanks for checking that nightly fixes the problem - it received a patch for it yesterday. it's looking likely that that fix will also be uplifted to 66.0b in the coming days but doubtful if it would still end up on a dot release version of 65.0. at the moment i see no other solution on release than tweaking the permissions and removing any "blocked" or "allow for session only" for google subdomains to work around that problem on release unfortunately.
Was this helpful to you? 1
Quote

Question owner

Thanks, philipp. That should be the solution for the problem at the moment.

However, I'm having another problem that prevents me from changing some of the permissions (https://support.mozilla.org/en-US/questions/1249232). Seems that complications arise when you have an aging profile. Would you mind having a look too?

Thanks, philipp. That should be the solution for the problem at the moment. However, I'm having another problem that prevents me from changing some of the permissions (https://support.mozilla.org/en-US/questions/1249232). Seems that complications arise when you have an aging profile. Would you mind having a look too?
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.