This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Option to Encrypt Cookies and Session with Primary Password

Damariobros
Strollin' around
‎02-14-2025 11:39 AM
Status: New idea

I think the Primary Password should have an option to encrypt your cookies and your session in storage. Enabling the option should make Firefox require the Primary Password at startup, and if a session is saved it'll be decrypted into memory, and whenever a cookie is needed it'll decrypt into memory. If no primary password is provided, it should essentially open Firefox into a guest session. Primary Password protection works well enough for saved passwords, so I don't see why it wouldn't be able to protect cookies and sessions, should the user want that protection.

This would help protect against snooping, but more importantly, would also provide protection against cookie sniffers from stealing session tokens, since the key would be derived from the password (which obviously isn't stored in the profile) and therefore can't be simply searched for and used to decrypt the cookies.

See more ideas labeled with:
Comment
2 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎02-21-2025 07:19 AM
‎02-21-2025 07:19 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Benoxiid
New member
‎03-09-2025 02:56 PM
‎03-09-2025 02:56 PM

I had set up a password protected session on a computer that wasn't mine, and this computer was compromised some time later... I just assumed that a master password would encrypt anything personnal but I was wrong (My bad to be honest there)

Several accounts of mine ended up being stolen, some beyond any recovery (Hi microsoft support ! Not using your services ever again xD)

But, yeah, event with all the care in the world, sometimes it goes wrong, and encrypted cookies would've saved me there

Copyright © 2025 Khoros, LLC