Do you close all open tabs before closing Firefox to prevent Firefox from storing this data as part of the session data?

cor-el said

Do you close all open tabs before closing Firefox to prevent Firefox from storing this data as part of the session data?

Originally I didnt but when I was running the tests before making this thread I only had one webpage opened. But i've now found that FF will clear a login but only on the activated tab at the time of closing.

For example I had Gmail and Facebook open and logged into on both of them. I closed FF, reopened and was still logged in to both. Restarted again but this time only opened GMail, closed FF, restarted, and I was logged out of Gmail. Without closing FF I went to Facebook to check, but I was still logged in even though I didnt even open the page the last time. Did another restart, went straight to facebook, closed FF and then when I checked I was no longer logged into Facebook.

This seems like an odd way of doing things if this is how you have to ensure you're logged out every time. Is this how its supposed to work?

Unfortunately it seems so : To submit suggestions for new or changed features, may I suggest: Feedback:

• https://qsurvey.mozilla.com/s3/FirefoxInput/

Please let us know if this solved your issue or if need further assistance.

You can set this pref to 2 to prevent Firefox from storing cookie data in the sessionstore files.

• browser.sessionstore.privacy_level = 2
• http://kb.mozillazine.org/browser.sessionstore.privacy_level

You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.

• http://kb.mozillazine.org/about:config

You should log out of the sites when you want to end the session. Until you do, that session is live on the server. Even if you destroy your copy of the cookie you need to access it, in the unlikely event that another program or person stole the cookie at any point, they could impersonate you on the service.

Well it seems to have started working now for all tabs and websites i'm logged into.

Maybe it just took a while for the cookies thing to kick in for one reason or another.

But now its created a new problem. While I'm now logged out of websites when I close FF, and when I reopen FF all I need to do is log into LastPass to have access to all my other accounts. The problem now is that at least with Google I constantly have to enter new 2-step verification codes sent to my phone. So every time I start a new session and try to log into Gmail I get a text with a code sent to my phone I have to input too. I get this is a secure way of doing things but especially for at home use its really inconvenient.

The only way i've managed to stop this is to enable cookies once again. But with cookies enables my logins arent cleared when I close FF.

You need to allow the cookies from Google, if not will get that. Though might be away in Google if go to your settings panel and turn off 2 step Verification Will find other sites that will need them also. Have you tried anything from here :

• https://addons.mozilla.org/en-US/firefox/extensions/

Copy/Paste cookies into the search bar, will see why copy/paste when there.

Please let us know if this solved your issue or if need further assistance.

A detail like a website remembering you (log you in automatically) is stored in a cookie.

You can use these steps to make a website recognize and remember you:

• you can create an "Allow" exception to keep specific cookies, especially in case of secure websites and when cookies expire when Firefox is closed.
• Options/Preferences -> Privacy & Security -> Cached Web Content: "Clear Now": Exceptions

Let the cookies expire when Firefox is closed to make them session cookies instead of using "Clear history when Firefox closes" to clear the cookies.

• Options/Preferences -> Privacy & Security -> "Use custom settings for history" -> Cookies: Keep until: "I close Firefox"

You can create an "Allow" exception to keep specific cookies.

In case you use "Clear history when Firefox closes" or otherwise clear history.

• do not clear the Cookies
• do not clear the Site Preferences

• Options/Preferences -> Privacy & Security -> Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" -> Settings
• https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox

• clearing "Site Preferences" clears exceptions for cookies, images, pop-up windows, and software installation and exception for password and other website specific data
• clearing "Cookies" will remove all selected cookies including cookies with an "Allow" exception you may want to keep

Along those same lines, you can set your general policy to "session only" cookies using:

Firefox will: Use custom settings for history

[X] Accept cookies from sites

Keep until: I close Firefox

Then you can create site-specific exceptions for sites for which it is painful not to use persistent cookies.

There isn't a way to say that you want Google Cookie A to persist but Google Cookie B to expire out, at least not a built-in feature for that.

I'm still not sure if im doing this right. I think I followed both of your instructions but I'm still getting the same result.

Im attaching an image of my current settings. I currently have mail.google.com ; www.google.com ; and www.youtube.com as allowed exceptions for cookies.

But these settings still require me to punch in a number google texts to me when logging into my Google accounts. There's just no way to have google remember my computer with these settings?

Its not such a big deal with other websites, but any website that has 2-factor authentication makes me punch in a number every time and I dont want to have to do that, but I would like to still keep 2 factor. Is this not possible?

Have a much different interface for that area than I do.

You have the box "Keep until I close Firefox" Sorta defeats do it all until close. Is why still have to do the Auth. You may want to give this a try : https://addons.mozilla.org/en-US/firefox/addon/a-cookie-manager/ There are a few others listed but would have to enter cookies in the search box then copy the word or will be entering it a lot.

Please let us know if this solved your issue or if need further assistance

Can you post a screenshot of the cookie exception window?

Note that you keep cookies from sites that have an exception if you use keep until I close Firefox, so for such sites it is even more important to log out before you close Firefox.

Make sure that you use the correct protocol (https://) if create exceptions yourself.

• https://google.com
• https://www.google.com

cor-el said

Can you post a screenshot of the cookie exception window? Note that you keep cookies from sites that have an exception if you use keep until I close Firefox, so for such sites it is even more important to log out before you close Firefox. Make sure that you use the correct protocol (https://) if create exceptions yourself.

• https://google.com
• https://www.google.com

So I dont have the httpS://, I just have http:// added to the exceptions list. Is it better to copy/past a URL instead of a general address? Say I want to make all of Google an exception do I need to add all of their various sites and apps like mail, or would the account page do?

Firefox can add the exceptions for you if you use the Permissions panel of the Page Info dialog.

While you are on a Google page, you can call that up using any of these:

• right-click a blank area of the page and choose View Page Info > Permissions
• (menu bar) Tools menu > Page Info > Permissions
• click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions

Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer ("Allow" in this case). There's no Save button, so once you've made the change, you can close the dialog.

jscher2000 said

Firefox can add the exceptions for you if you use the Permissions panel of the Page Info dialog. While you are on a Google page, you can call that up using any of these:

• right-click a blank area of the page and choose View Page Info > Permissions
• (menu bar) Tools menu > Page Info > Permissions
• click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions

Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer ("Allow" in this case). There's no Save button, so once you've made the change, you can close the dialog.

Unfortunately that still doesnt quite solve my problem. It still have to enter a verification number thats texted to me every time I sign into Gmail. But it has made it easier to add exceptions, but I guess the exceptions dont matter if the cookies are cleared when I close FF.

It seems the only way to make me stop having to enter a verification code from Google every time is to disable 2-step authentication but that doesnt seem very secure.

Hi kwrobel, this combination should work (this is what I use):

(1)

[X]Accept cookies from websites Keep until: I close Firefox "Allow" Exception set for sites I allow to set persistent cookies

(2)

[_] Clear history when Firefox closes (unchecked)

or

[X] Clear history when Firefox closes + Settings: [_] Cookies (unchecked)

jscher2000 said

Hi kwrobel, this combination should work (this is what I use): (1) [X]Accept cookies from websites Keep until: I close Firefox "Allow" Exception set for sites I allow to set persistent cookies (2) [_] Clear history when Firefox closes (unchecked) or [X] Clear history when Firefox closes + Settings: [_] Cookies (unchecked)

Im sorry this still doesnt solve my problem. I still have to enter a number Google texts too me every time even though mail.google.com and google.com are added to my ALLOW exceptions list. Is it possible you could share a screen shot of your Cookies/History settings to make sure im not missing something?

Note that best is to remove the cookies from a website if you make changes to cookie permission settings because new rules are only applied to newly created cookies ans existing cookies might not be affected.