bushi blog Let's all love Lain

Web Browser Cookie Management

Cookies aren’t visible to the user. Despite being used on many sites and being an easy way to identify a user, the cookies themselves are almost invisible to the user. With a default configuration, it is very difficult to view and manage the cookies. Because of this, user’s aren’t very aware of cookies sites save on a user’s machine.

Only time people ever think about cookies is when sites bug them to accept all their tracker cookies. I’m sure people’s first thought is not “Ahh, my privacy!” and actually along the lines of “make the intrusive box go away”. I agree with the reasoning behind the GDPR rules around cookies, but in practice it just creates an annoyance for the user. Every site is different, and it is difficult for the user to quickly parse and click through all the menus to select the minimum amount of cookies. There is no standardization in the way “cookie permissions” are asked for, so it’s the responsibility for the sites to get permission for storing cookies. It’s in their best interest to make it as tedious and difficult as possible to reject cookies so they can stuff as many performance and ad cookies on your machine as possible.

While we can’t change how sites ask for cookie jar privileges, we can control how a user manages cookies. By making it easier for the user to be aware of cookies on a site they can more easily take control of their cookie privacy.

From Mozilla: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Cookies are sent with each request to a website, and serve 3 primary purposes:

  • Session management - logins, shopping carts, performance
  • Personalization - preferences, themes
  • Tracking

For most casual browsing, no cookies should be required. If you’re reading articles or checking out blogs, there is no real reason for you the user to collect any cookies from a site. For some sites, session cookies are unavoidable. If you want to login to a website and have that login carry over as you browser different pages, these type of cookies are a must. The tracking cookies, and to a lesser extent personalization cookies are the cookies we don’t want.

When saving a cookie, the website can configure a variety of options for the cookie, including lifetime, site attributes, and security flags.

Browser Add-ons to Manage Cookies #

Managing cookies should become a more visible part of the web browser, similar to password auto-fill and bookmarks. Users should have a way to more easily see the cookies generated by a site.

A short feature wishlist

  • view + sort all cookies at once
  • filter/search based on site, reference url
  • View cookies for current site, with number on icon like ad blockers
  • delete/manage cookies

Here’s two extensions for Firefox I tried.

Allows you to look at cookies per-domain. Only allows you to really look at cookies per-domain at a time. Can filter on cookie data, either the name of the cookie or the value. Can only search for domain names. No way to search cookies info directly, instead have to nail down the domain first.

By clicking on extension icon, gives you the option to:

  • View all cookies
  • Search for cookies from domain
  • Delete current site cookies (lists # of cookies)
  • Delete all context cookies, all cookies from current tab container context ( also lists # of cookies)
  • Delete current site local storage.

You can view how many cookies the current site has by clicking the icon, which is nice.

Cookie manager: https://github.com/Rob–W/cookie-manager

Icon menu has two options:

  • Open Cookie manager
  • Open cookie manager for current page

Selecting either opens a new tab, and gives you a search header to find cookies.

Opening for the current page shows all the cookies the current page has.

This one is better because it lists the cookies in a table. It also has more search and filtering options, such as:

  • Website filter (full url or domain)
  • filter by name
  • filter by value
  • Secure (any/yes/no)
  • httpOnly (any/yes/no)
  • SameSite (any/unset/strict/lax)
  • Session (any/session/non-session)
  • min/max expiry date
  • Cookie jar (which container tab)
  • Whitelist (any/yes/no)

This extension gives you a lot more power to search across cookies, instead of restricting you to domain+cookie like cookie quick manager.

Unfortunately, it doesn’t show the current site cookie count while browsing. It would be nice to see it similar to the way ublock origin shows the count of blocked ads on the current site.

It does provide a lot more power to the user to manage cookies across all websites. Gives the user the ability to easily select and remove 1 or more cookies. It also gives the ability to create a new cookie, as well as a way to import and export the cookies to JSON or netscape output format, as a file or just as text. It is able to import both formats as well.

The big thing missing in the cookie browser is a way to sort the results. You can perform searches really well, but the results are static, and don’t allow you to sort on the different columns. The extension is open source, so maybe I just need to get off my ass and contribute.

More news: Firefox 91 introduces enhanced cookie clearing

Home |About |Crypto |Webring |Links |Sitemap|RSS|Email|Mastodon