cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Damariobros
Strollin' around
Status: New idea

I think the Primary Password should have an option to encrypt your cookies and your session in storage. Enabling the option should make Firefox require the Primary Password at startup, and if a session is saved it'll be decrypted into memory, and whenever a cookie is needed it'll decrypt into memory. If no primary password is provided, it should essentially open Firefox into a guest session. Primary Password protection works well enough for saved passwords, so I don't see why it wouldn't be able to protect cookies and sessions, should the user want that protection.

This would help protect against snooping, but more importantly, would also provide protection against cookie sniffers from stealing session tokens, since the key would be derived from the password (which obviously isn't stored in the profile) and therefore can't be simply searched for and used to decrypt the cookies.

2 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Benoxiid
New member

I had set up a password protected session on a computer that wasn't mine, and this computer was compromised some time later... I just assumed that a master password would encrypt anything personnal but I was wrong (My bad to be honest there)

Several accounts of mine ended up being stolen, some beyond any recovery (Hi microsoft support ! Not using your services ever again xD)

But, yeah, event with all the care in the world, sometimes it goes wrong, and encrypted cookies would've saved me there