- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
I think the Primary Password should have an option to encrypt your cookies and your session in storage. Enabling the option should make Firefox require the Primary Password at startup, and if a session is saved it'll be decrypted into memory, and whenever a cookie is needed it'll decrypt into memory. If no primary password is provided, it should essentially open Firefox into a guest session. Primary Password protection works well enough for saved passwords, so I don't see why it wouldn't be able to protect cookies and sessions, should the user want that protection.
This would help protect against snooping, but more importantly, would also provide protection against cookie sniffers from stealing session tokens, since the key would be derived from the password (which obviously isn't stored in the profile) and therefore can't be simply searched for and used to decrypt the cookies.
