My setting wasn't carried over.
A possible reason is that there was one update that changed the cookie behavior to 3 (use p3p). But p3p was dropped, so a subsequent update set the cookie behaviour "back" to 0.
A comment in the bug database explains why 0 and not 1. See below an extract from
https://bugzilla.mozilla.org/show_bug.cgi?id=225287
In my opinion, "dontAcceptForeign" cookie policy is still the way to go. Single sign-on or any legitimate use of third-party cookies should rely on active collaboration between the main web site and the third-party pages.
---------------
Daniel Veditz 2005-01-14 12:19:31 PST
Wouldn't "dontAcceptForeign" be a better default, more in keeping with our
general concern for privacy and security? Too much breaks if we turn off cookies
entirely--let the paranoids do that for themselves--but nothing good comes from
foreign cookies.
Comment #23 Mike Shaver 2005-01-14 13:44:48 PST
"Foreign" cookies -- for varying definitions of foreign -- are sometimes used
as
part of a single-sign-on system for intranet apps. They may well all be
assigned down to the same domain suffix, and therefore not be counted as
"foreign" for our purposes, but it would suck a lot to break those systems.
I'll play with my prefs and see what I can break in Oracle's, when I get a
chance.
---------------