Hacker News new | ask | show | jobs
by fitzroy 2424 days ago
Instead of asking for each site, just allow first-party cookies and delete them by default when the last tab of that domain is closed. The user should be able to favorite cookies to keep indefinitely, with the rest being cleared on a user-defined schedule (onTabClose, 1 hour, 24 hours, 1 week, etc). There was a free Safari extension called Safari Cookies that handled the favoriting but it stopped working several years ago. https://sweetpproductions.com/safaricookies/index.htm

I'm surprised this isn't a standard feature built into browsers. Seems like it would be obvious to have a level of granularity between accept all first-party cookies and accept none.

Edit: to clarify, I don't think setting cookies is the issue (and not worth the UX hassle to ask everytime); the issue is storing the cookies for longer than the interaction persists. To me, it's analogous to someone remembering who you are during a conversation vs adding you to their rolodex and storing that info indefinitely.
2 comments
SyneRyder 2424 days ago
Microsoft Edge Beta has this. In Settings -> Site Permissions, you can disable "Allow sites to save cookies", but then add individual websites to the Allow list. There is also a Clear On Exit list you can add sites to.

I'm pretty sure Firefox & Chrome have similar functionality.

link
fitzroy 2424 days ago
Thanks, just found it here in Chrome: chrome://settings/content/cookies

I've mostly switched back to Safari ...so I look forward to getting this option in a decade or so.

In all seriousness, this would naturally fit into the new Safari "Websites" permissions in Settings. Right now cookies, databases, HSTS policy, and local storage are still in the old "Manage Website Data..." window, which would seem redundant now.

link
yunruse 2424 days ago
I like this idea, but many users would find it equally annoying to have to manage this. A machine-learning software which tracks usage would be more welcomed, backed up by favourite status / use of password managers to make a good heuristic.

Just so long as the ML algorithm is open source and entirely personal – having a company decide which cookie is good would be easily abusable.

link