[tbb-bugs] #14061 [Tor Browser]: Develop a new cookie inspector accommodating double key logic

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 11 18:35:44 UTC 2015

#14061: Develop a new cookie inspector accommodating double key logic
     Reporter:  michael      |      Owner:  tbb-team
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  TorBrowserTeam201506
Actual Points:               |  Parent ID:  #3246
       Points:               |

Comment (by michael):

 Replying to [comment:8 gk]:
 > I am wondering why we need a new cookie inspector at all? "Show
 Cookies..." should be the one showing you the cookies and domain they are
 bound to, I think.
 I assume that Mike's graphic implies the function of clicking a 1st party
 domain/favicon to drill down into cookie names where associated 3rd party
 cookies are specially marked. This assumption is based on a
 contract/bounty titled '''UI support for double-keyed cookies''' but it's
 possible that the correct interpretation is '''implement double-keyed UI
 support for the old cookie inspector design''' only.

 === Old cookie inspector design ===
 When interpreting that, note that the latter is a '''NOOP''' and the old
 cookie inspector works just the same after applying the double keying
 patch. That means that the cookie inspector ignores 1st/3rd party context,
 displaying all cookies indexed by their corresponding HTTP host header.

 Should we implement a graphical indication of party context? If yes, we
 need to decide on one of the many UI designs contrasting cookie
 representations lacking a 3rd party context from those including them, as
 well as deciding on how much UI support to provide (indexing and search
 strategy, exposing configuration, etcetera.)
 > Mike's idea is not cookie specific and introducing it just for cookies
 might therefore be confusing.
 It might be time to reevaluate UI design since making so many party
 isolation changes (along with your cool #9387 security slider, your
 [https://bugzilla.mozilla.org/show_bug.cgi?id=777620 B2G and channel
 referral], and other relevant UI considerations.)

 Should we free this child ticket and redefine it to specify '''all party
 isolation UI improvements?'''
 > What do you have in mind with the alternative design?
 My intentions are not part of this, but if I wanted to indicate cookie
 party association:

 - I would stick to tabular text instead of a graphic representation.

 - I don't know what style of indexing/searching and inspector
 configuration widget (a slider?) to provide[[br]]...since that gets
 complex and would benefit from in depth usability testing.

 Cookie party association UI is dependent on unresolved questions from
 other #3246 child tickets and maybe even non cookie ones. Should we put
 this on hold since the old inspector is working just fine?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14061#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list