Note that you need to clear existing cookies after creating a cookie exception.

Did you make sure that you create the exception for the correct domain(s)?

You can temporarily enable all cookies to see what cookies get created and create an "Allow" exception for these domains. Try to create an allow exception for the top domain in case Firefox tries to create an exception for a sub domain.

I tried deleting cookies after changing the cookie exceptions. No joy there.

To test what cookies my webmail page needs I do indeed allow cookies, log in, and then show cookies. It shows that one cookie is set, by a site that starts with sso.xxxx.net. Then I list that site under cookie exceptions. (Actually I list two sites, one with sso.xxxx.net and one without the sso, i.e. xxxx.net, just to be safe.) Then I try to log into the webmail in the normal way, and it will not allow it. When I check which cookies have been set, there are none. Thus it seems to simply fail to allow the cookie from the webmail site.

It works fine when I use an older version of firefox, on a different computer, when the preferences are set up in this way. With the newer version of firefox it does not work, on two different windows 10 computers.

Back to the goal: I want to prevent all cookies except those that I specifically allow. Cookies from those sites that I am allowing should be allowed.

I have a similar problem on Windows 7 also. Firefox 55.0.3 is ignoring my "Allow for Session" cookie settings.

Specifically, I have some sites set to "Allow" and some sites set to "Allow for Session."

The sites set to "Allow" should be able to set cookies that are not deleted when Firefox closes. The sites set to "Allow for Session" should be allowed while Firefox is open and then deleted when Firefox is closed.

However, both the "Allow" and "Allow for Session" cookies are not deleted when Firefox closes.

If a previous version of Firefox did not have this problem, I would like to know which one, because manually deleting every unwanted cookie is a major annoyance.

WillW,

It sounds like a slightly different problem. If I am reading it correctly, both "allow" and "allow for session" are basically working, at least during the session, and your problem is about when the cookies are deleted. My problem is that "allow" does not work at all, and the cookies that I want to allow for that session are never accepted at all.

For me the goal is this: I want to reject all cookies during the session, except those that I specifically allow. Just during the session would be a great improvement for me.

This seems like a very common need. Is it working like I want for you? Or how about for others? If so, then I need advice on first exactly how you have the settings, and then if it still doesn't work under the same exact settings (probably the case I think), then why is it failing on my two systems.

@jstr4900

It does sound like a different problem, although one that maybe has the same root cause.

My Firefox History settings are as follows:

Firefox will: Use custom settings for history [unchecked] Always use private browsing mode [checked] Remember my browsing and download history [unchecked] Remember search and form history [unchecked] Accept cookies from sites Exceptions: I have several sites set to Allow and several more set to Allow for Session [unchecked] Clear history when Firefox closes

With those settings, Firefox accepts all cookies I have set to Allow and all cookies I have set to Allow for Session. None of those cookies are ever deleted unless I do it manually. All cookies from sites that are not listed as Allow or Allow for Session are blocked.

Thanks for the reply. I tried these exact settings, and 53.0.3 still does not accept any cookies at all on my system, even ones from sites on the exceptions list. (I am pretty sure that I had already tried this combination previously as well.)

So can someone else help?

(1) Why does cookie exceptions fail to work on my two windows 10 systems for 53.0.3 ??

(2) What can I try to make the feature work properly on my two systems?

It seems like the feature works for others (although for WillW the accepted cookies are not deleted at the proper times).

Then WillW's question:

(3) WillW's 53.0.3 version does accept the cookies, but why aren't they deleted at the right times?

If clearing cookies didn't help then It is possible that the cookies.sqlite file in the Firefox profile folder that stores the cookies got corrupted.

• rename/remove cookies.sqlite (cookies.sqlite.old) and if present delete cookies.sqlite-shm and cookies.sqlite-wal in the Firefox profile folder in case cookies.sqlite got corrupted.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

• Help -> Troubleshooting Information -> Profile Directory:
  Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder
• http://kb.mozillazine.org/Profile_folder_-_Firefox

Thank you very much for the reply. It was a good possibility. I think that I tried this previously, before uninstalling and re-installing. In any case I tried it again. I didn't find cookies.sqlite-shm or cookies.sqlite-wal in the profile directory, but I did find cookies.sqlite, and renamed it. When I re-started firefox, it made a new cookies.sqlite file, but the problem persists. The cookie exceptions feature still does not work.

I guess one thing to make sure of is that there is not some subtle name difference in the cookie exceptions list, causing firefox to not accept the cookies that are needed. Let's try a test case. Can you find some arbitrary website (e.g. ebay or something) where firefox accepts a cookie when that site is in the exceptions? All under the same conditions as I am trying for:

Firefox will: Use custom settings for history

[unchecked] Always use private browsing mode [unchecked] Remember my browsing and download history [unchecked] Remember search and form history [unchecked] Accept cookies from sites Exceptions

  Accept third-party cookies (never, but greyed out)
 Keep until (I close firefox)

[unchecked] Clear history when Firefox closes

Then list here the exact text from your exeptions list that works. Then I will test whether a cookie is excepted on my system under these exact conditions, after I set up the same exception. For the test I will visit that site and then check whether a cookie shows up when I click "show cookies.") I am pretty sure that it will not work on my system, but it is a good thing to test.)

Ok, here is a test case, where it fails for me and I think will probably work for you:

1) Set prefferences as listed in the previous message.

2) Under cookie exceptions, type in craigslist.com <return>. Now the exceptions list contains http://craigslist.com. Then I click "save changes," and exit the exceptions box.

3) I exited firefox and started it again. This should clear the cookies under these settings.

4) Go to craigslist.com

5) Now click on "show cookies" to see if there is a cookie there. When I have cookies turned on, a cookie does show up, listed as "craigslist.com," but when I set it up as described above, I do not get the cookie from craigslist.com. But I believe that you will get that cookie when you have it set up as described above.

Note that you will have to use the correct protocol and if the website uses a secure HTTPS protocol the setting an exception for the HTTP version won't work.

Did you try to use "Tools -> Page Info -> Permissions" to create a cookie "Allow" exception?

You can use the Storage Inspector to inspect all types of storage.

• https://developer.mozilla.org/en/Tools/Storage_Inspector

It would be real nice to verify that the simple craigslist example above works for you, since it does not work properly for me. That would establish whether or not it is something like the complication that you mention above, or is something that is more fundamental. (I am quite sure that it something more fundamental, but it would be really good to test this against what your system does in order to make sure.)

I am not creating my cookie allow exception in the way that you describe above. I am doing it from "preferences" "privacy" and then setting the preferences as described three messages above, and then I select "exceptions," and then specify the exception.

You need to include the proper protocol when you create an exception (https://craigslist.com) instead of leaving out the protocol and let Firefox add a possibly wrong protocol.

Just to add a note here. I ended up swapping to an add-on to manage cookie handling for Firefox a couple of days ago. The add-on is Cookie AutoDelete: https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/

It's basically doing everything for me that I want vanilla Firefox to do, except it's easier to manage. For your purposes it might not be a good solution, since you have to accept first-party cookies for it to work (there is no setting for "only accept cookies I authorize"). But for any domains that are not on the whitelist or greylist, it will delete them automatically within a minute after closing the tab (the time is adjustable and you can set it lower).

If you are unable to solve your problem with support here, you can give it a try. I'm fairly satisfied with it. I do wish it had a blacklist option, but it is still actively developed so maybe that will come later.

WillW, thank you for the good suggestion. I would rather not accept the cookies in the first place, even for a millisecond! It is frustrating that firefox has a feature that is exactly what I want, but it doesn't work. And I have this problem with two different installations 55.0.3 on two different windows 10 computers. And furthermore, the feature does work perfectly on an older windows 7 computer with an older version (38.01), and even previous versions before that also worked fine.

In the next message I am going to re-phrase the problem and summarize things that I have tried that didn't work. That might make it easier for someone to understand the problem and reply.

Here is a fresh summary of the problem.

The goal is to not accept any cookies except ones that I specifically allow. (For example for my webmail account.)

On older versions of firefox I could do this by going to "options" "privacy" and choosing settings as follows:

Firefox will: Use custom settings for history

[unchecked] Always use private browsing mode [unchecked] Remember my browsing and download history [unchecked] Remember search and form history [unchecked] Accept cookies from sites

 Accept third-part cookies (never, but greyed out on 55.0.3)
 Keep until (I close firefox, also greyed out on 55.0.3)

[unchecked] Clear history when Firefox closes

and then clicking into "Exceptions" and adding the sites that I want with the "allow" button.

With 55.0.3 all of these settings are still available, but on two installations on two different windows 10 computers this feature doesn't work, and cookies that should be allowed are never accepted. There is evidence from WillW that this feature does work on 55.0.3 for others. I have outlined a test case in two posts above (posts 9/10/17, 12:37 PM and 9/10/17, 1:21 PM) with Craigslist.come. This is a good example that doesn't work for me, but probably will work for others. It would be good to establish that this case works for others, in order to be sure that the problem is with my installation(s) and not with how I am doing the exceptions or something.

Here are things that I have tried so far:

re-naming cookies.sqlite, see suggestion from cor-el 9/8/17 12:10 pm Clear existing cookies after creating a cookie exception. (9/5/17 4:23 pm) I tried setting up a new profile. I re-installed firefoxe 55.0.3 (a couple of times)

Any suggestions would be greatly appreciated.

Anyone viewing, please see the summary in the previous email.

This is a response to a previous suggestion by cor-el, which I missed:

"You need to include the proper protocol when you create an exception (https://craigslist.com) instead of leaving out the protocol and let Firefox add a possibly wrong protocol."

In the craigslist example I used http://craigslist.com because that is what was listed in "show cookies" when I tested with the "allow cookies" setting. In any case, I added https://craigslist.com to the exceptions list and it still does not allow any cookies it all from either.

As far as I can tell, the feature simply doesn't work for my installations of 55.0.3 on windows 10. It sounds like the "allow exceptions" feature does work for others, although I would love it if someone else could try the craigslist test that I outlined above (posts 91017, 12:37 pm and 9/10/17, 1:21 pm).

Maybe you need an extension for both http:// and https:// for this website.

For someone now coming to my problem, please read the summary posted on 911/2017 6:40 am (a few back).

To answer cor-el's suggestion:

"Maybe you need an extension for both http:// and https:// for this website."

When I added the https exception, then it did have both http://craigslist.com and https://craigslist.com exceptions. I think that only the first is needed, but it doesn't work on my installation. Does it work on yours?

Update-- I was forced to install firefox again on an older computer, and that installation has the same problem. I was very careful to delete everything from the computer before re-installing the newer version. Again, the older version worked fine, and now the newer version does not work.

That makes 3 installations on 3 different operating systems.

WillW reported having success with unchecking "allow cookies" and using the exceptions list, but I am now doubting this. At this point nobody else has reported that the exceptions list works at all. (Please, see my craigslist example above and see if the cookie exceptions works-- if it does, please report back here.)

Also, 5 other people reported having this same problem.

Is this simply a glaring bug? Again, it worked fine on older versions.

The goal is to not accept any cookies except ones that I specifically allow. (For example for my webmail account.) Is there a way to accomplish this? If so, please describe in detail how to do it.

Hi jstr4900, how do you create your cookie exceptions? To get the proper syntax, I suggest using the Permissions panel of the Page Info dialog. When you are on a site that you want to allow to set cookies, you can call that up using any of these:

• right-click a blank area of the page and choose View Page Info > Permissions
• (menu bar) Tools menu > Page Info > Permissions
• click the padlock or "i" icon to the left of the site address, then the ">" icon, then More Information > Permissions

Scroll down to "Set Cookies" and uncheck the "Use default" box, and then select the permission you prefer.

Permission changes are saved as you make them, so you can close this window when you're done with it.

Do those work any better?