Protecting a cookie against user deletion

I want to store a cookie that the user will want to keep intact - it contains some preferences for site layout .

I know that Firefox has a plugin (called CookieCuller) which is presumably in js which alllows the user to protect cookies against accidental deletion.

Can someone give me some guidance as to how to do this?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If you download the xsi file from here:

To your hard disk, then you can open it with winzip (or similar), and look at the code inside cookieculler.jar (again open it with winzip)

Basically, cookieculler just saves a list of "protected cookies" into its preferences, so that you cannot delete those cookies with "cookieculler"

I assume that you can still delete cookies with the webdevelopers toolbar, etc?

You can't just do this from javascript run on the webpage...

Mutley2003Author Commented:
Thanks Tim

There is a LOT  of code in that xsi file, and I don't pretend to understand it, but it is still just js, right?

So, OK, CookieCuller only protects cookies from CookieCuller, but since js has no access to the filesystem how does it "save a list of protected cookies" ?  In a cookie?

Or is it setting some special fields in those cookies (like ProtectedByCookieCuller=TRUE).. I guess that is a possibility, although surely screwing around with third party cookies is not safe.

So, if we have a cookie containing a list of cookies, how do we know the browser will not delete that master cookie when it reaches its cookie limit? Or is my understanding of that flawed ?? I have this idea that browsers are free to kill cookies once the RFC prescribed limits are breached.


No, it may be javascript code, but it is executed by the Firefox browser as if it is part of the browser..

Basically Firefox allows plugins to be written in javascript

And the firefox plugins can access preferences file for themselves by calling the Firefox API

This can't be done from inside a webpage, as the javascript in a webpage will be running inside the security sandbox


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mutley2003Author Commented:
ok, thanks Tim .. I understand now.

I guess the only way I have of protecting the cookies is to write a small app (not js) that will allow the user to keep a copy of the cookie somewhere else in case it gets deleted, and then restore it. Or keep the preferences on the server

thanks again
Good luck!  Sorry there wasn't an easier solution :-(

And Thanks!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Components

From novice to tech pro — start learning today.