Self-Destructing Cookies

Self-Destructing Cookies is not just a cookie manager; it's a new cookie policy. Do you think that cookies should need a reason to persist in your cookie jar, i.e. that you are currently interacting with the site that set them? Would you prefer your cookie jar to be empty in its steady state, except for a few sites that you care about? Are you worried about unconventional tracking methods? Then give this add-on a try.

Self-Destructing Cookies automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions, as well as information used to spy on you, will be expunged. Websites will only be permitted to identify you while you actually use them and cannot stalk you across the entire web. This is the closest you will get to cookieless browsing without breaking every second site or tedious micromanaging.

Tracking cookies will be detected and removed immediately. They are identified purely by their behaviour - no need for a blacklist that needs to be kept up to date. Self-Destructing Cookies also has LocalStorage support and will treat it just like your cookie jar. Defend yourself against ETag tracking and other cache-based black-hat techniques by configuring Self-Destructing Cookies to automatically clean your cache every time you are not actively using the browser. For the first time ever, this provides a realistic chance of beating zombie-/evercookies without sacrificing usability. See the zombie-cookie FAQ entry for details. Self-Destructing Cookies can also help protect against CSRF attacks by ending your sessions as soon as possible.

This add-on complements blacklist-based solutions such as Adblock and Ghostery very well. To keep a site's cookies and LocalStorage even when it has no active tab, whitelist it in the Firefox cookie exception list, which can also be conveniently accessed from the add-on's preferences or from an icon in the Add-on Bar.
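
The removal policy described above, modelled as an added example (not the add-on's own code): a cookie survives only while an open tab shares its base domain or that base domain is whitelisted. The function names, the sample cookie jar and the two-entry stand-in for the Public Suffix List are assumptions made for illustration.

```javascript
// Added illustration, not the add-on's source. All names are hypothetical.
// Constructed stand-in for the Public Suffix List a real implementation needs.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

// Reduce a host or cookie domain to its registrable ("base") domain.
function baseDomain(host) {
  const labels = host.replace(/^\./, "").toLowerCase().split(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Decide which cookies self-destruct. Whitelist entries are compared verbatim
// against the cookie's base domain, so an entry such as "www.example.com"
// never matches anything.
function sweep(cookies, openTabUrls, whitelist) {
  const inUse = new Set(openTabUrls.map((u) => baseDomain(new URL(u).hostname)));
  const kept = [];
  const removed = [];
  for (const c of cookies) {
    const base = baseDomain(c.domain);
    (inUse.has(base) || whitelist.has(base) ? kept : removed).push(c.name);
  }
  return { kept, removed };
}

// Constructed sample cookie jar and tab list.
const jar = [
  { name: "session", domain: ".example.com" },
  { name: "prefs", domain: "www.example.com" },
  { name: "uid", domain: ".tracker.test" },
  { name: "login", domain: ".shop.co.uk" },
  { name: "cart", domain: ".news.test" },
];
const tabs = ["https://www.shop.co.uk/basket"];

// Whitelisting the base domain keeps both example.com cookies.
console.log(sweep(jar, tabs, new Set(["example.com"])));
// Whitelisting the "www" host instead keeps neither of them.
console.log(sweep(jar, tabs, new Set(["www.example.com"])));
```
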

Frequently Asked Questions and Common Problems

Q: What about Zombie-/Evercookies?
A: SDC gives you a fighting chance against such black-hat techniques. To beat the Evercookie, enable automatic cache cleaning in SDC's preferences. If you are on a decent, unmetered connection, there is no harm in setting the idle timeout to a low value, such as 3 minutes. You should also set all of your plugins to click-to-play, install BetterPrivacy and configure it to automatically clean unused LSOs. Please note that SDC will not clean LocalStorage scopes of sites served via HTTPS if you are running a Firefox version prior to 23. This is due to a limitation in Firefox's DOM storage API in those versions.

Q: Can I disable the notification pop-ups?
A: Yes. Open the add-on manager. You can reach it via Firefox's menu, or by just entering "about:addons" without the quotes in your location bar. Locate Self-Destructing Cookies in your list of extensions, click the Preferences button and remove the checkmark next to "Notifications".

Q: Since I installed the add-on, the removal notifications just won't stop. I'm not even using the browser at the moment.
A: You are probably using another add-on that re-adds certain cookies when they are removed, e.g. Beef Taco or TrackerBlock which both try to persist opt-out cookies. SDC and the other add-on are having an infinite debate about whether to keep those cookies. Choose a side and disable the other one.

Q: The entire whitelist is empty each time I restart Firefox.
A: You probably have Firefox's privacy preferences set to "Clear History when Firefox closes" and included "Site Preferences" in the corresponding menu. SDC's whitelist is stored as site preferences.

Q: A specific site forgets my login, even though it is on my whitelist.
A: If you added the entries manually, make sure you whitelisted the base domains of your sites (e.g. "example.com", not "www.example.com"). That's where cookies are generally stored.
If you added it via the icon, the login might depend on external domains. Keep an eye on the removal notifications the next time you log *in* there. The domains that appear in the following seconds are probably the ones you want on your whitelist as well.

Q: The add-on does not work in private browsing mode.
A: Some parts of Firefox are off-limits for add-ons while you are in private browsing mode. This includes the cookie jar for example. There's nothing I can do about this, sorry.

Q: I have configured Firefox to block all cookies by default. Can I still use SDC?
A: There is an unsupported hidden setting that changes the behaviour of the "yellow" whitelist level from allow-for-session to allow-while-open. To enable it, create a boolean key in your about:config named "name at domaintBlock" (without the quotes), set it to true and restart your browser. You can now use the "yellow" setting for sites whose cookies you would like to accept, but still have them self-destruct. I provide this on a "should work" basis, meaning that I depend on bug reports from you and don't do in-depth testing of this mode myself.

