Basic Cookie Management In Firefox

Cookies are not just the sugary, crumbly treat they used to be. Now they’re all about websites and advertisers having your browser store information that they can call back up and among other things, allow advertisers to track your online habits from the websites you visit to the purchases you make or topics you research in search engines.

Cookies are not just the sugary, crumbly treat they used to be. Now they’re all about websites and advertisers having your browser store information that they can call back up and among other things, allow advertisers to track your online habits from the websites you visit to the purchases you make or topics you research in search engines.

The key to privacy is to not just simply allow your browser to blindly go ahead and accept every cookie that comes along. Instead, a few simple settings in Firefox can allow you to establish rules about what sites are allowed to set cookies and whether they can be persistent or restricted to the current session only and deleted when you close the browser.

Choose Privacy OptionsThe first step is to change the default which allows all cookies all the time. On the Tools menu, click Options, and then click the Privacy tab on the top of the box that appears. Then in the middle of the box will be a place to choose the basic options for how you want Firefox to handle cookies.

Choose how you want cookies handled

In the normal course of browsing the web, cookies are needed by a lot of sites for legitimate reasons such as remembering logon information and preferences. Lots of sites also use temporary cookies as part of how their site’s navigation system or checkout system works, so you’re really best off if you check “Accept cookies from sites”. But since we don’t need just any cookies, we’ll do some basic cookie management and choose “ask me every time” from the dropdown box and click “ok”.

When a site tries to set a cookie, Firefox will ask you what to do with it.

Cookie options

Since it’s actually pretty seldom that a site will set only one cookie, it’s a good idea to check the box for “Use my choice for all cookies from this site” so that you only have to decide what to do with cookies only once for each domain or sub-domain. If you want more information about the cookie that it’s asking you about, you can press the “Details” button to get a look at the raw cookie data. Most of the time this is going to be nearly indecipherable.

Cookie Details

The Choices you have are “Allow“, which means that cookies from that domain or subdomain will be accepted and will last beyond the current session. “Allow for Session“, which means that cookies from that sub-domain or domain will be accepted and then deleted when the browser is closed. “Deny“, which means that that domain or sub-domain will not be allowed to set cookies at all.

In the example above, I selected “Allow for Session” because I’m willing to allow the site to use temporary cookies so that it’ll work, but I don’t think that needs to have a cookie that does not expire for three years!

Generally speaking, most cookies will fall into “Allow for Session” or “Deny” categories. Only sites that you use frequently would be set to “Allow”. For example, many of you are regular readers here and of course you trust me implicitly (insert hypnotic stare here <grin>), so when your browser asks what to do with cookies from the domain, you naturally set it to “Allow”.

Once you set a rule for a domain or subdomain, all future cookies from there will be handled according to that rule. Persistent cookies will be allowed to exist between sessions and Session cookies will be deleted when you close the browser. You can look at the rules that have been created so far by going back into the Options box and selecting Privacy. In the Cookies part of that tab, click “Exceptions” and you’ll see a box like the one below.

Cookie Rules

This box allows you to see what the rules are for any domain or subdomain that has ever set a cookie. You can remove any or all of those rules, which means you would be asked about it again the next time you visited the site that set cookies for them. You can also directly enter a domain and set a rule for it in this box. Odds are pretty good that you won’t be seeing much of this box though.

Close the exceptions box and back on the privacy options, click “Show Cookies”. This will give you a list of all cookies that have been set.

cookie list

The little folders on the left indicate the names of domains and sub domains that have been allowed to set cookies. When you click on the “+” to the left of it, the folder will open and you will see all of the cookies that have been set for that domain. You can select any cookie and see what it contains and you can click “Remove Cookie” to delete any cookie. You should use care when on this screen because the “Remove All Cookies” button will do exactly that, remove EVERY cookie immediately.

What cookies Should I Allow?

Generally speaking the only sites you would want to “Allow” are those that you use frequently and either trust or consider any logon or preferences data the site would store to be sufficiently non-critical that the convenience of the persistent cookies is worth more than any possible information leak (such as by a malicious site using javascript to read the data from all cookies stored on your system). I personally have 70 domains that are set to “Allow” (yes, I counted them) and I consider that to be a high number but then again, I don’t believe that my browsing habits are exactly typical.

What cookies should I “Allow for Session”

Most of the sites that you allow to set cookies should be set to “Allow for Session”. This way sites can set cookies that will allow it to work properly and then they’ll be deleted at the end of the browser session when you close Firefox. The slight inconvenience of having to log on to a site the first time you visit it in a new browser session is well worth the privacy that you gain by not allowing most cookies to exist beyond the session.

What cookies should I “Deny”

The cookies to “Deny” are the ones that aren’t actually a part of the site you’re visiting. Usually you can get a good idea of whether or not to deny a cookie by looking at it’s domain. If it contains words like “tracking” or “metrics”, I would “Deny” them along with any cookie whose name ends in “”

Generally speaking, if the name of the domain or sub domain sounds like it’s tracking, then I’ll probably hit the “Deny” button. I’ve also recently discovered a good size list of tracking domains that can serve as a guide for which cookies to “Deny”.

This process of “training” Firefox in what cookies to allow starts out being pretty intensive. At first every cookie it encounters gets you another “what do I do with this?” box and you can’t do anything else until it’s dealt with. Fortunately as you visit all of the sites that you frequent, the box appears less and less often as the list of rules grows.

In another post I’ll talk about third party cookies and how to implement a hidden Firefox 2 setting that’s intended to not allow them.

[Tags]cookies, cookie management, tracking cookies, block cookies, session cookies, persistent cookies, firefox 2, tutorial, how to[/tags]

Use Buzzfuse to easily rate, review, and share this item

If you enjoyed this post, make sure you subscribe to my RSS feed!