Cookie cannot be deleted by API
I have a cookie that is set by https://www.kinguin.net/ that cannot be deleted via the API. I discovered it while using the Cookie AutoDelete add-on. It would continually try to delete the cookie but was never successful.
I posted a bug report for the add-on and it was discovered to be a problem with the way the cookie was being set (not capitalizing the first letter in the "Expires" directive).
You can see the report here: https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/538
I know that the problem is that the website is setting the cookie improperly, but should it be possible for a website to create a cookie that cannot b deleted by the Firefox API?
All Replies (6)
If your using their site then you agreed to their TOS and cookie and tracking usage. You should contact their site support about the issue your having.
Endret
My problem is not with the site setting the cookie improperly, it is with the browser allowing the cookie to be set improperly or not enforcing proper syntax (shouldn't it just ignore any directive that has improper syntax?)
This looks more like a case where a semicolon has been omitted between path=/ and expires=.
remove: function (e) { if (!l.canUseDOM) return null; document.cookie = ''.concat(e, '=; path=/ expires=Thu, 01 Jan 1970 00:00:01 GMT;') }
Should be:
remove: function (e) { if (!l.canUseDOM) return null; document.cookie = ''.concat(e, '=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;') }
Document.cookies is a list of key=value pairs separated by semicolons.
You can contact the website about this error.
Endret
Note that you can use the Storage Inspector to remove these cookies.
Thanks for all the responses!
I am able to delete the cookie using Firefox's Options - Privacy & Security - Manage Data, that is not my problem.
It appears that you cannot delete the cookie via the Firefox API.
Is this not a problem?
So far, the answers here have either been how to fix the website so that it sets the cookie properly, or how to delete the cookie in another manner.
Neither of these was what my concern is.
My concern is being able to delete this cookie using the Firefox API. Is it possible? If not, is it a bug in Firefox? Should a website be able to set a cookie that cannot be deleted via the Firefox API? Should a bug report be made to fix this in Firefox?
Thanks.
You mean that an extension isn't able to remove this specific cookie? If that is confirmed by its developer then he should file a bug report to get this fixed. I don't know the specifics of how this cookie API works.