Open Bug 1436231 Opened 7 years ago Updated 2 years ago

When privacy settings for cookies are set to "Keep until they expire" localStorage becomes inconsistent during the same browsing session

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Version:
58 Branch
Platform:
Unspecified
macOS
Type:
defect

Tracking

()

People

(Reporter: wyattjoh, Unassigned)

References

Details

When the setting for cookie lifetime (in the "Privacy & Security" tab) is changed to "Keep until they expire", localStorage access is not consistent. I've created a demo that highlights this issue: https://github.com/wyattjoh/local-storage-demo It is also deployed here: http://brash-page.surge.sh/ Essentially, when the "Keep until **I close Firefox**" is set, localStorage is not properly shared across tabs. Using the demo code I provided, you can follow these steps to reproduce: 1. Ensure that about:preferences#privacy has "Firefox will **Use custom settings for history**" and under "Accept cookies from websites", you have "Keep until **they expire**" set. 2. Open a tab to view the contents of the edit box. Click the "Edit with Popup" button. 3. Enter text in the popup. 4. Click "Save to Local Storage" 5. Close the window. 6. Duplicate the window. 7. Notice that your edited content is shown in the new tab. 8. On about:preferences#privacy, change "Keep until **they expire**" to "Keep until **I close Firefox**" 9. Repeat steps 2-6, but notice that the content did not change to the newly edited content that you changed when you repeated step 3, instead, it is the previous content that you saw at step 7, before you changed the Firefox preference. This to me represents an incorrect behavior of the setting, as I didn't even have to close anything at any point to see the issue.
Johann, you've dealt with storage-related bugs recently. Any idea what component we should move this to?
Flags: needinfo?(jhofmann)
Yeah there's some inconsistency here, it's pretty edge-casey, but I can get inconsistent local storage state on these two sites when flipping the "keep until" pref back and forth, too, even on reloading the pages. It works correctly if I close and re-open one of the tabs. Jan, Tanvi, do you have any thoughts or ideas on this? It doesn't strike me as terribly important, but it would be good to find out what's happening here.
Flags: needinfo?(tanvi)
Flags: needinfo?(jvarga)
Flags: needinfo?(jhofmann)
Component: Tracking Protection → DOM
Product: Firefox → Core
I don't know this code, so don't know why it would be happening. But does seem pretty edge-casey, as you say. So I think we keep it as a low priority bug for now.
Flags: needinfo?(tanvi)
Component: DOM → DOM: Core & HTML

We are working on a large scaled Meteor Webapp (a well used Node.js web application framework). Meteor uses localStorage for "session cookie" management (here is a blog post describing why it is done that way).

Some of our users like to enable the privacy setting Delete cookies and site data when Firefox is closed. The issue reported above has quite an impact to them: Every time they open an internal link in a new tab, they have to re-login since the "session cookie" (which is saved into the localStorage) isn't shared to that new tab. After disabling the option Delete cookies and site data when Firefox is closed, it works properly. We reproduced it with the current Firefox (66.02) on a Mac (10.14.3), Ubuntu (18.04.1) and Windows 10.

This is probably fixed in new local storage implementation which is enabled on Nightly, can someone confirm ?

Flags: needinfo?(jvarga)

Yes it is fixed! Tested on Nightly 68.0a1 (2019-04-03)

I tested with our Meteor app and now it works correctly. Moreover the example page of Wyatt Johnson looks fixed as well, the local storage is now properly shared across tabs and windows.

Thank you!!

Dave, there are still some issues we need to address, so we can't enable new implementation in FF 67.
Hopefully, FF 68 will have it.

Depends on: 1286798
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.