SeaMonkey 2.19 to NOT block third party cookies by default

[rsx11m]

From Firefox Builds, viewtopic.php?f=23&t=2667761

It would appear that Mozilla is going the Safari route to block third party cookies by default. It's also been suggested that users clear all cookies before installing that version which is a bit controversial.

More on the subject here: The New Firefox Cookie Policy

The post isn't entirely accurate, only 3rd-party cookies (coming from websites other than the website which you are currently visiting, frequently tracking sites, but also content sites for images, etc.) from websites which you haven't been actively visiting before are blocked.

For example, if Facebook wants to set a cookie for a "Like" button in another web page, it initially wouldn't be allowed to do so. But, if you go to the primary Facebook website to view some stuff, thus acquiring some permitted cookies from that visit, subsequent return visits to the other site would now allow the "Like" button to use the 3rd-party cookies as there has been a permitted "visit" of that site before. From the user-tracking point of view this leaves some loopholes, but it's better than the previous default which just blindly allowed the 3rd-party cookies, thus supporting tracking.

This breaks the Privacy & Security > Cookies preference pane on trunk, I've filed bug 845353 on that.

[tqft]

Thanks I was wondering about how that was going to work

[rsx11m]

There are certainly still a couple of unknowns (i.e., whether or not iframes have their own context with respect to what "3rd-party" cookies are), thus keep watching the respective bugs for any movement.

[rsx11m]

This breaks the Privacy & Security > Cookies preference pane on trunk, I've filed bug 845353 on that.

My patch has landed this evening, thus the UI issues should be resolved with the next SM 2.19 nightly.

[vazhavandan]

Can we toggle this setting using following settings?
Edit==>Preferences==>Privacy==>Cookies

[rsx11m]

Exactly, you can set it to "Allow all cookies" again if you wish.

[rsx11m]

Bug 851606 was filed today to determine whether or not the new cookie behavior and making it the default will be allowed to go into aurora (and subsequently beta) with the upcoming merge in about two weeks. If decided not to make this effective with Gecko 22.0/SeaMonkey 2.19, options include to either back this out entirely (i.e., we'd also have to back out the UI changes from aurora) or just reversing the default to "All cookies" while leaving the functionality itself intact (thus allowing users to test it).

[rsx11m]

Like Firefox 22.0, SeaMonkey 2.19 will be shipped with the old default to allow all cookies (thus also from unvisited third parties). As discussed in bug 818340, the goal is now to establish some Cookie Clearing House first to catch any false positive exclusions that may break sites while (hopefully) maintaining the usefulness of the feature.