
Self-Destructing Cookies - dsr_
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
======
dakrone
While this is an awesome extension, it is annoying living in the EU to
continually see "This site uses cookies, click 'accept' to acknowledge and
continue to the site" every time I visit a site that has had its cookies
cleared, since the acknowledgement is stored in a cookie that is subsequently
cleared when the tab is closed.

~~~
antocv
How came that crap to pass and become some EU thing anyway?

Whats the big deal about EU and cookies?

~~~
garethadams
People complained that cookies were being used by advertisers to track them.

The EU decided to take action by mandating that companies make it visible when
this was happening, in the Directive on Privacy and Electronic
Communications[1].

Since it's technically impossible to allow the benefits of cookies without
opening privacy holes, I don't really know what else privacy campaigners were
hoping to achieve.

[1]:
[http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electr...](http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications)

------
jonobird1
This'll probably be an unpopular comment but I feel the need to point out that
this is good (in the ways that made this post popular) and bad.

Bad because for the dot com company I work for, we use cookies to make sure we
don't show users 'helper' tooltips more than once per 30 days and cookies is
one of the better ways of doing this. It also helps us anonymously track a
user location to show better search results, user currency etc.

There are many bad ways a website can use cookies, but by using a plugin like
this, it'll ultimately just ruin your own user experience.

~~~
Too
For years ive been browsing with clear cookies after each session. What you
describe with first visit notification is not common at all. And when sites
actually do it, its usually very subtle and can be ignored like the
notification bar on the top of stackoverflow. I can only name one website
where I am annoyed by the lack of cookies and that is when youtube doesn't
remember my preferred video resolution. Otherwise browsing with fresh ones has
no degraded user experience for me.

Actually this is starting to become worse though after EU introduced the must
notify about cookies law last year. The ones who do clear their cookies once
in a while are punished by being notified about them time after time while the
others will blindly click OK and never see the message again.

~~~
Steko
> when youtube doesn't remember my preferred video resolution

[https://addons.mozilla.org/en-US/firefox/addon/youtube-
cente...](https://addons.mozilla.org/en-US/firefox/addon/youtube-center/)

------
semenko
Cool! I wrote a similar extension for Chrome that simply enforces a user-
adjustable maximum cookie lifetime (e.g. 21 days instead of 10+ years...).
This seems to provide a good balance for login cookies that you don't
necessarily want removed every session.

[https://github.com/semenko/chrome-limit-cookie-
lifetime](https://github.com/semenko/chrome-limit-cookie-lifetime)

[https://chrome.google.com/webstore/detail/limit-cookie-
lifet...](https://chrome.google.com/webstore/detail/limit-cookie-
lifetime/pplilgolafepgkdmocfpgblngcpdlopm)

(And the same for Chrome's ever-present history:

[https://github.com/semenko/chrome-limit-history-
lifetime](https://github.com/semenko/chrome-limit-history-lifetime)

[https://chrome.google.com/webstore/detail/limit-history-
life...](https://chrome.google.com/webstore/detail/limit-history-
lifetime/opkjpinehmnbdeebdamcapfgfepdiohp) )

------
hosay123
Note the "clear browser cache when idle" option aggravates a referrer logging
side channel for sites embedding Google Ajax libs or Analytics.

That aside, I'm in love!

~~~
heinrich5991
Can you explain why?

~~~
kevingadd
Nuking those scripts from the cache means that they get re-requested more
often, and the request has its referrer sent to the server hosting the
tracking script which means the referrer+ip pair can be logged.

~~~
dan_bk
And that's where RequestPolicy comes in: [https://addons.mozilla.org/en-
US/firefox/addon/requestpolicy...](https://addons.mozilla.org/en-
US/firefox/addon/requestpolicy/)

~~~
edoloughlin
I already use No-Script. I tried addeding RequestPolicy but the combination is
just too much work for normal browsing.

------
nfoz
I've been wondering for many years why this isn't the standard behaviour of
web browsers.

~~~
lloeki
Just like "click to flash" and other plugins that should only run when I
authorise them once, or always if I whitelist them.

------
13throwaway
This is a very good extension, I have been using it for a while. It is very
much the best of both worlds, using cookies to login, then deleting them when
you leave the site. You don't have to worry about whitelists, etc.

~~~
gavinpc
But without whitelisting, I wouldn't know how much of the web is completely
broken without cookies, where by "broken" I mean a blank page, or just a
little strip of the template. This includes blogs, one-off demos, and other
sites that don't require (or even offer) log in or settings of any kind.

I can only conclude that some common frameworks depend on cookies for their
own operation, and that in many cases the developers aren't even aware of the
"problem".

------
fdsary
I switch browsers more than I switch underwear, mostly between Safari, uzbl,
Firefox, Chrome and TOR Browser (FF fork). When I write extensions I do it for
the browser I currently fancy, so I've got a few ones for Safari, Firefox and
Chrome. But when I switch I lose the old ones, until I switch back.

Right now I'm in Safari (silky smooth rendering), and can't use this. That
sucks. But FF, Chrome and Safari extensions are just JS anyways. Why can't
they be automatically ported, or something? What's stopping Mozilla from
enabling Firefox to run Chrome and Safari extensions, and vice versa?

~~~
mahmoudhossam
Because they interact with different APIs.

Different browsers provide similar APIs in different ways sometimes, and
usually web standards support differs between browsers.

~~~
metabren
Any idea if someone has written an abstraction layer for this yet?

------
newscracker
I love this extension and have been using it for a long time! It makes it
convenient to use a single browser to access multiple Gmail (or other mail or
any other service provider) accounts without having to clear cookies manually
and without having to associate or link accounts together (the latter is
something Gmail allows, but I prefer not to use it). Just close the tab and
the cookies are gone, allowing a new session to begin.

The same holds good even for web searches, though I rarely use Google/Bing and
instead use start page or DuckDuckGo.

------
annnnd
Nice! I wonder if it clears cache too?

EDIT: apparently it does.

BTW, you can check if you can still be cookie / storage / cache-tracked here:
[http://www.canyoutrackme.com/](http://www.canyoutrackme.com/)

~~~
heinrich5991
For me it didn't work. I was still tracked by \- Cache, \- ETag.

~~~
_puk
ditto.

Also, I had to close my browser for the test to be allowed to work (session
expiry). I tried closing the tab, but that's not enough.

For me that is an unfair test as I hardly ever close my browser down
completely.

~~~
Rudism
IIRC, SDC does not immediately clear cookies/cache on tab closing. It purges
them on a scheduled interval. If you close the tab and wait a while (you
should eventually see a toast message, if you have them enabled, saying
something like "deleted x cookies from blah.com"), then your session should be
removed. Closing the browser runs the purge immediately which is why that was
working for you already.

------
skion
So, what other extensions can we ditch now?

I really like the UX of SDC; are Disconnect or DoNotTrackMe just clutter, or
adding value still?

------
AgentME
Can't you already set Firefox (and Chrome?) to only keep cookies around for
the session?

~~~
hosay123
This deletes cookies /during/ the session. After you close a tab, any cookies
unique to that tab's history are cleared

~~~
mikro2nd
And not just when you close a tab... also a short time (configurable, default
10s) after you navigate away from a site in an "old" tab.

------
klackerz
Persona is not working when I enable this addon.

~~~
jedp
Persona uses third-party cookies, so this is expected with this add-on. If you
whitelist persona.org (e.g., just visit persona.org and set self-destruct to
"never"), then Persona works fine.

------
scrollaway
Is there something similar for Chrome?

~~~
joshschreuder
There's a setting for both 'Keep local data only until you quit your browser'
and 'Block sites from setting any data' under Cookies in stock Chrome.

I don't use it though, so not sure of the effectiveness.

~~~
deepGem
Not exactly. You have to quit the browser. Using this FF extension, you just
have to close a tab. So there's no such option available in Chrome.

