I’m a huge fan of Mozilla Firefox, but I have to say that one totally maddening feature/bug is close to making me stop using it altogether. I find that, after around four or five days, most of my cookies completely expire. It means that, if I don’t log into my online banking website every five days, I lose my stored bank card number (meaning I have to get up, find my wallet, and type it back in). If I don’t log into my Movable Type site every five days, and then I click on one of the links in MT-Blacklist’s automated emails, I have to log back into MT, then close the MT-Blacklist page I’m redirected to and reclick on the email link. If I click on a New York Times link and haven’t been to their site in the past five days, I have to log back in. It’s totally annoying, and apparently, it’s something that other people have noticed (although it’s not entirely clear that it affects everyone, and it might have to do with a suggested 300 cookie limit).

Wait, here’s the scoop: there is a hard-coded 300-cookie limit in all Mozilla-based browsers, and that limit is based on an incredibly poor reading of the cookie specification (see section 5.3). To me, the most important part of that section isn’t the 300-cookie minimum, but rather, the lines that read:

In general, user agents’ cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible.

This is way more realistic, given that most people probably use a few web-based applications daily for work, a few more web-based applications daily to weekly for personal things (email, searching, travel planning, and the like), and then regularly visit dozens and dozens of other websites that use cookies. But this realism doesn’t appear to have affected the Mozilla programming community, at least in response to two years of bug reports and forum posts.

Comments and TrackBacks

I run into this problem all the time as well. It’s been around in the earlier Moz revs and I assumed they’d eventually fix it, but no go.

(I’ll click remember info here, but it’ll be useless to me in a few days)

• Posted by: Matt Haughey on Apr 21, 2004, 8:40 PM

Whoa, that’s pretty short-sighted. I’ve never run into this though. Not defending the decision, but are you getting prompted about cookies (Enable Cookies > But ask before accepting)? If not, a lot of those 300 spots are taken up by all those advertising cookies sites insist on setting.

• Posted by: Tom Clancy on Apr 21, 2004, 9:31 PM

I don’t want to get prompted before cookies; they’re harmless, and there’s no reason that I should have to worry about whether or not a site sets an advertising cookie. Being prompted before setting a cookie would be like being prompted that a URL I view is going to be put into my history.

Why can I determine how many days back my history goes, but not how many cookies my browser can handle at once? Similarly, why can I store an unlimited amount of form information, and similarly, an unlimited number of HTTP authorization usernames and passwords? It’s totally arbitrary, it seems to me.

• Posted by: Jason on Apr 21, 2004, 9:47 PM

Ohhh! This is why all my cookies die all the time. Stupid Firefox behavior! I’m gonna go get my money back.

Also, since when does “minimum” mean “maximum”?

• Posted by: Anil on Apr 21, 2004, 11:58 PM

>> Also, since when does “minimum” mean “maximum”?

Too many years of dealing with government regulation. Think of all the companies that brag about following government guidelines. Also known as the least you can do without getting thrown in jail.

• Posted by: Paul on Apr 22, 2004, 5:55 AM

I agree with you in principle. I assume the Moz folks responsible for this section of the code are “cookies are eeeevil” types.

I have my cookies set to “for the originating Web site only” which apparently rules out enough cookies that I don’t in practice have the problem. I’ve come across two or three sites which won’t work under this setting, so I have to be willing to change the option to access such a site and change it back again after. Which isn’t too bad a workaround.

• Posted by: jam on Apr 22, 2004, 1:11 PM

Jason writes of a significant issue with Gecko-based browsers: they are limited to 300 stored cookies at a time. This is bad user agent behavior. I suggest that you go sign up for a Bugzilla account if you don’t have one and then go vote on th…

• Pinged by The Indiana Jones School of Management on Apr 22, 2004, 6:52 PM

Jason, I guess that you’ve seen this in your TB, but I’ve advocated voting for this bug to the eight readers of my Weblog. Your voice on this might go much louder.

• Posted by: Geof on Apr 23, 2004, 3:24 PM

>> I don’t want to get prompted before cookies…

It’s annoying at first, but once you’ve built up a huge domain blacklist and whitelist for cookies (as you can do by telling Firefox/Mozilla to remember your choice), you rarely get bothered. My combined black/white-list is huge (over 3500), and for what it’s worth, I haven’t run into this cookie problem.

Just my two cents.

• Posted by: Thomas Sibley on Apr 24, 2004, 5:50 PM

Well, never say weblogs aren’t useful: the bug is now marked fixed. burning edge is useful to keep track of what’s going on w/mozilla.

• Posted by: Bill Stilwell on Apr 24, 2004, 8:45 PM

I’ve always been a bit confused about the whole Bugzilla thing, and what it means that something gets checked in as resolved — does that mean that the nightly builds of all Mozilla-based browsers from that point on will incorporate the fix? Does the latest Firefox nightly have the cookie fix?

• Posted by: Jason on Apr 27, 2004, 9:07 PM

If you read the burning edge page linked above, you can see that the 04-24 Firefox build does explicitly have the cookie fix included.

• Posted by: Scott on Apr 29, 2004, 10:36 AM

Ah thanks - I was wondering about this myself.
Unfortunately, the nightlies usually introduce other bugs that are worse than what I’m trying to fix (e.g. this time - I get an error message at startup and SpellChecker quit working :( )
Hopefully they will fix the cookie thing, along with bringing back a warning when closing multiple tabs when the next official release comes out.

• Posted by: Charles on May 7, 2004, 10:13 PM

Jason reports that the Mozilla/Firefox/$foo cookie bug has gone away in the 1.0 Preview Release … sorta. There’s an important note about that fix, though: without doing a few manual config changes, you’ll only see a marginal improvement. The old M…

• Pinged by The Indiana Jones School of Management on Sep 14, 2004, 5:38 PM