Firefox 65: Can't stay logged in after firefox restarts
I routinely block all cookies and only allow those in my exception list. After upgrading firefox to 65, the exception list seems to regard "allow" as "allow for session". The observable effect is that I can't stay logged in for any website after restarting firefox. This has been tested on Google and other websites. Disabling all addons and deleting cookie files in the profile folder couldn't solve the problem either.
I also tested it on a new profile which actually worked well. How should I 'manually upgrade' my profile so it can still stay logged in after firefox restarts please? Btw, I'm using Ubuntu 18 LTS.
hi af32vxl, currently we're aware of a regression in firefox 65, where in case you have set a particular cookie permission for a subdomain (like https://site.example.com), this will override any permission like "allow" you might have set for the top level domain (https://example.com). is this the case in your setup for sites where you don't stay logged in across sessions as well?Read this answer in context 1
Additional System Details
- User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
hi af32vxl, currently we're aware of a regression in firefox 65, where in case you have set a particular cookie permission for a subdomain (like https://site.example.com), this will override any permission like "allow" you might have set for the top level domain (https://example.com). is this the case in your setup for sites where you don't stay logged in across sessions as well?
Hmm. Not totally sure if that's the reason. Say, does it prevent google to stay logged in?
Based on your explanation, it's hard to tell exactly how the regression works when websites have a central subdomain for authentication (e.g. accounts.google.com). Although other subdomains should look for cookies from accounts.google.com, these cookies are set by accounts.google.com. So, as long as accounts.google.com has "allow" permission, other subdomains with "allow for session" should also work, right?
not entirely sure. in order to try to replicate your setup could you tell exactly, what kind of cookie permissions you have set for all *.google.com domains?
I managed to reproduce the problem on a new profile. The regression seems to be the cause and is more severe than I expected.
First add accounts.google.com, drive.google.com, and www.google.com as allow cookies. The login remains after restarts. Then add another hypothetical subdomain, say do-not-exist.google.com as allow for session. The login can no longer be maintained after restart.
The bug is solved in the nightly build.
Do you have suggestions on the possible solutions, and their pros & cons?
thanks for checking that nightly fixes the problem - it received a patch for it yesterday. it's looking likely that that fix will also be uplifted to 66.0b in the coming days but doubtful if it would still end up on a dot release version of 65.0.
at the moment i see no other solution on release than tweaking the permissions and removing any "blocked" or "allow for session only" for google subdomains to work around that problem on release unfortunately.
Thanks, philipp. That should be the solution for the problem at the moment.
However, I'm having another problem that prevents me from changing some of the permissions (https://support.mozilla.org/en-US/questions/1249232). Seems that complications arise when you have an aging profile. Would you mind having a look too?