We help IT Professionals succeed at work.

Protecting a cookie against user deletion

Mutley2003 asked
Medium Priority
Last Modified: 2013-11-18
I want to store a cookie that the user will want to keep intact - it contains some preferences for site layout .

I know that Firefox has a plugin (called CookieCuller) which is presumably in js which alllows the user to protect cookies against accidental deletion.

Can someone give me some guidance as to how to do this?

Watch Question

Top Expert 2004

If you download the xsi file from here:  http://cookieculler.mozdev.org/installation.html

To your hard disk, then you can open it with winzip (or similar), and look at the code inside cookieculler.jar (again open it with winzip)

Basically, cookieculler just saves a list of "protected cookies" into its preferences, so that you cannot delete those cookies with "cookieculler"

I assume that you can still delete cookies with the webdevelopers toolbar, etc?

You can't just do this from javascript run on the webpage...



Thanks Tim

There is a LOT  of code in that xsi file, and I don't pretend to understand it, but it is still just js, right?

So, OK, CookieCuller only protects cookies from CookieCuller, but since js has no access to the filesystem how does it "save a list of protected cookies" ?  In a cookie?

Or is it setting some special fields in those cookies (like ProtectedByCookieCuller=TRUE).. I guess that is a possibility, although surely screwing around with third party cookies is not safe.

So, if we have a cookie containing a list of cookies, how do we know the browser will not delete that master cookie when it reaches its cookie limit? Or is my understanding of that flawed ?? I have this idea that browsers are free to kill cookies once the RFC prescribed limits are breached.


Top Expert 2004
No, it may be javascript code, but it is executed by the Firefox browser as if it is part of the browser..

Basically Firefox allows plugins to be written in javascript

And the firefox plugins can access preferences file for themselves by calling the Firefox API

This can't be done from inside a webpage, as the javascript in a webpage will be running inside the security sandbox


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


ok, thanks Tim .. I understand now.

I guess the only way I have of protecting the cookies is to write a small app (not js) that will allow the user to keep a copy of the cookie somewhere else in case it gets deleted, and then restore it. Or keep the preferences on the server

thanks again
Top Expert 2004

Good luck!  Sorry there wasn't an easier solution :-(

And Thanks!

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.