Privacy/Features/Multiple Cookie Jars

Status

Team

Open issues/risks

`

Stage 1: Definition

1. Feature overview

For many parts of the browser, including add-ons, it would be nice to maintain a separate cookie store or cookie jar. Currently the cookie service only allows one place (and one set of all cookies for a domain) but some features would benefit from having a different "profile" of cookies depending on the context in which the HTTP requests go out.

2. Users & use cases

1. Safe Browsing traffic uses a cookie to make sure quality of service is adequate and abuse of the system goes mitigated. There's no reason cookies for the Safe Browsing service to be shared with those used by general traffic to Google properties (e.g., log into gmail). The Safe Browsing service could still operate properly if its cookies were separate from the rest of the user's http cookies, and the isolation of identification tokens would increase our users' control over HTTP-borne identifiers.

3. Dependencies

`

4. Requirements

• Backwards compatible: things assuming one cookie jar must still operate without code change.
• Arbitrary jarring: add-ons should be able to construct and use their own cookie jar.

Non-goals

`

Stage 2: Design

5. Functional specification

`

6. User experience design

We should revamp the Cookie UI to present multiple jars (if they're deployed) or change the delete-individual-cookies UI to make it clear which jar each cookie is in.

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

`

Feature details

Team status notes