Søg i Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Læs mere

Two Factor Authentication How to Preserve Cookies?

  • 6 svar
  • 3 har dette problem
  • 26 visninger
  • Seneste svar af pjc321

more options

So, I am starting to set up Two Factor Authentication for various logins that I have. As a normal practice, whenever I close any browser I delete all cookies, and when shutting down my computer I do a Norton scan for cookies and delete them. The problem is that this deletes my two factor authentication cookies which I need. I tried setting up an exception, but the cookies get deleted anyway. How do I set this up to work, ie protect specific cookies from deletion?

In Internet Explorer this is extremely easy to do. All you do is put a checkmark next to "Preserve Favorites Website Data".....Done. The equivalent in Firefox you would think is "Site Preferences", but that does not work the same as in IE and the cookies are deleted.

So, I am starting to set up Two Factor Authentication for various logins that I have. As a normal practice, whenever I close any browser I delete all cookies, and when shutting down my computer I do a Norton scan for cookies and delete them. The problem is that this deletes my two factor authentication cookies which I need. I tried setting up an exception, but the cookies get deleted anyway. How do I set this up to work, ie protect specific cookies from deletion? In Internet Explorer this is extremely easy to do. All you do is put a checkmark next to "Preserve Favorites Website Data".....Done. The equivalent in Firefox you would think is "Site Preferences", but that does not work the same as in IE and the cookies are deleted.

Valgt løsning

SOLVED.

I finally figured it out trying different combinations. Unlike the way I would expect it to work with the cookie exceptions, the "*" character match only matches the "cookie name", not everything in the path before some point in the "site name". In other words, *.google.com will not protect cookies that are also located under mail.google.com. In that case both *.google.com and *.mail.google.com are required. As a real world example, the exceptions that work with Google's Two Factor Authentication, which covers the 20+ cookies that need to be preserved, are as follows:

(Once again, the forum does not allow me to enter the "star" character on the keyboard in what appears to the forum as a url)

(enter start character here).accounts.google.com (enter start character here).accounts.youtube.com (enter start character here).google.com (enter start character here).mail.google.com (enter start character here).plus.google.com (enter start character here).youtube.com

Læs dette svar i sammenhæng 👍 1

Alle svar (6)

more options

To begin with, using an external program to delete anything in the Firefox user Profile is fraught with perils. IMO, you are better served using Firefox preferences and maybe an extension to clear cookies upon closing Firefox.

There are many dozens of Cookies extensions available for extending the default features in Firefox. Hopefully you will find an extension that provides the features that you want.

more options

Unfortunately, I was forced to switch back to Internet Explorer as I couldn't get this to work on Firefox, even with a plugin. I also tried it without using an external program. Eventually someone will post the necessary steps somewhere.

Ændret af pjc321 den

more options

Let all cookies expire when Firefox is closed to make them session cookies.

  • Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: Keep until: "I close Firefox"

Create a cookie 'allow' exception for cookies that you would like to keep.

  • Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: Exceptions

Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, passwords, and other website specific data.

Clearing cookies will remove all specified (selected) cookies including cookies with an allow exception that you would like to keep.

See also:

Ændret af cor-el den

more options

Let all cookies expire when Firefox is closed to make them session cookies.

   Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: Keep until: "I close Firefox" 

Create a cookie 'allow' exception for cookies that you would like to keep.

   Firefox/Tools > Options > Privacy > "Use custom settings for history" > Cookies: Exceptions 

>>>>> Yes, this is the setup I have been using to add exceptions.

Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, passwords, and other website specific data.

Clearing cookies will remove all specified (selected) cookies including cookies with an allow exception that you would like to keep.

>>>>> So, unless I misunderstand these settings, this is telling me that when I select "Clear Recent History", there is no combination of these two switches (Site Preferences and Cookies) that will clear the cookies I don't want without also deleting the cookies that I made exceptions for. Therefore these two settings need to be set so that no cookies are being deleted, and then by setting "Cookies: Keep until: I close Firefox", that this third setting alone is what will be responsible for deleting all cookies except for my exceptions. Correct? Geez, talk about convoluted.

Ændret af pjc321 den

more options

@cor-el.

   So I set it up exactly as you specified and the cookies are still deleted (except for a couple of google.com ones) by simply closing the browser and doing nothing else, not even attempting to clear the history manually.  The only thing I can think of is that I am not specifying the exception properly.  When I set up two factor authentication with Google, twenty two cookies are created.  I will show a small sampling of them:


SITE NAME                                        COOKIE NAME

ACCOUNTS.GOOGLE.COM
     accounts.google.com                   GALX
     .
     .
GOOGLE.COM
     google.com                                     SID
     .
     .
MAIL.GOOGLE.COM
     mail.google.com                            S
     .
     .
PLUS.GOOGLE.COM
     plus.google.com                           OTZ
     .
     .
YOUTUBE.COM
     youtube.com                                 SID
     .
     .

I have tried all the following ALLOW exceptions and none of them work, or there is a completely different issue:

star.google.com ALLOW (NOTE:The forum will not let me enter a star character here. star meaning match everything before.) accounts.google.com ALLOW google.com ALLOW mail.google.com ALLOW plus.google.com ALLOW youtube.com ALLOW

Ændret af cor-el den

more options

Valgt løsning

SOLVED.

I finally figured it out trying different combinations. Unlike the way I would expect it to work with the cookie exceptions, the "*" character match only matches the "cookie name", not everything in the path before some point in the "site name". In other words, *.google.com will not protect cookies that are also located under mail.google.com. In that case both *.google.com and *.mail.google.com are required. As a real world example, the exceptions that work with Google's Two Factor Authentication, which covers the 20+ cookies that need to be preserved, are as follows:

(Once again, the forum does not allow me to enter the "star" character on the keyboard in what appears to the forum as a url)

(enter start character here).accounts.google.com (enter start character here).accounts.youtube.com (enter start character here).google.com (enter start character here).mail.google.com (enter start character here).plus.google.com (enter start character here).youtube.com

Ændret af pjc321 den