Cookies set to "Never" but Safari now accepts all cookies anyway

Is it definitely cookeis you're seeing and not page cache? Previously, Safari cached page elements and favicons (to improve browsing speed) but didn't make that obvious. Now, those cached elements are listed in the Privacy section of Safari's preferences. Next to each site, there are lists of cache and cookies. I thought my copy of Safari 5.1 was incorrectly accepting cookies — it wasn't. It was just listing cached data that previous versions kept but didn't list.

Bahi wrote:

Is it definitely cookeis you're seeing and not page cache? Previously, Safari cached page elements and favicons (to improve browsing speed) but didn't make that obvious. Now, those cached elements are listed in the Privacy section of Safari's preferences. Next to each site, there are lists of cache and cookies. I thought my copy of Safari 5.1 was incorrectly accepting cookies — it wasn't. It was just listing cached data that previous versions kept but didn't list.

It's definitely cookies. It's presented differently in 5.1, but it's still accepting all cookies regardless of the setting. And in 5.1, Safari lists "cache" items as well as cookies.

I have two extensions on all my browsers. Only two extensions: AdBlock and Ghostery. In Safari 5.1, under the privacy tab when I click "details," it lists AdBlock and Ghostery as "websites," and it shows AdBlock and Ghostery as having data stored on my computer.

AdBlock and Ghostery are supposed to have data on my computer. That data is stored in Library>Safari>Local Storage, and that data is necessary for the extensions to function correctly.

But what's weird is in Safari Preferences>Privacy, it also lists an extension that isn't on Safari. It lists ChromeAdBlock as well as Safari AdBlock. That is too weird.

And, because of the way the data is now organized in Safari Preferences, if I'm not careful when I delete items from Safari preferences, I also delete the extensions.

So . . . I can enable private browsing and refuse all cookies as well as history---and not be able to log in to the websites I need to log into---or I can keep all the cookies and data bases and local storage Safari collects as I am surfing the Internet, or I can sift through all the data and delete what I don't want when I quit Safari---and re-install Ghostery and AdBlock everytime I open Safari---or I can discriminately delete everything manually---

Or I can just not open Safari and use a browser than has a clue.

I really think if it was user error I would have figured out what I'm doing wrong by now. I'm pretty sure it's a bug, and Safari Preferences is messed up. It has been messed up since the end of June when I accepted an update to address MacDefender and followed up with the 10.6.8 update to Snow Leopard.

Silkroad, thank you for that amazing post. This is truly horrendous. I just got the 5.1 update. To think they would have made it so much worse is truly hard to believe.

THIS IS THE BIGGEST SECURITY RISK IN THE HISTORY OF OSX! DO NOT USE SAFARI!

Apple has clearly given us all a big "F U" with this. No doubt Safari works in LION! Just pay $30 and you can browse the internet securely again. My guess is Apple is not going to do a thing about this unless Engadget and the other sites point out what a serious securtity issue this is, the worst ever for OSX.

Silkroad's post:

Jul 23, 2011 9:01 PM

Safari v5.1 (Build 6534.50) accepts all cookies no matter which Block Cookies choice I select. But the current list of cookies is *much* longer than before, and includes many new ones -- even though I haven't visited any new websites. That is, it's the cookies from before plus a bunch of new ones I've never seen until now, many with nonsensical names.

Then there's this new wrinkle: I visit site xxx.xxx and it writes cookies to my Mac. I then return to Home, go to Preferences, delete all cookies, and close out Safari. When I start Safari again and check cookies (mind you, I haven't done any navigation at this point, I am still at Home), many of the cookies I just deleted last session have reappeared -- deleting them doesn't make them go away. Some are from online banking websites like bankofamerica.com, and citi.com that I have visited during some previous session. Some are from other vendor-type websites that I didn't visit. Some are from mystery sites (with strange names that I dare not visit).

New wrinkle #2 is even better: as I'm deleting individual cookies, maybe a second or so later (while I'm still in Preferences, looking at the list of cookies), the cookie *I just deleted* reappears. I didn't visit that website this Safari session. I didn't visit it last session, either. In fact, maybe I've *never* visited that website. Yet its cookie is there, and when I delete it, it just pops back into the list of cookies. (No, it's not from Apple or Google or doubleclick or any other source you'd suspect.) I can delete it 10 times. Doesn't matter. It pops right back into the list at the same location as before. All 10 times.

The cookies that keep reappearing (no matter how many times I delete them) are not from websites that require me to log in, so that's not it. Some are from websites that I have previously visited, and some are mystery cookies.

It seems that some as-yet-undefined type of cookies are immortal.

As mentioned before, if I select Private Browsing, websites I'm currently logged into this session will no longer allow me in. And I can't log in to them, either, unless I turn off Private Browsing.

Zebra Storm wrote:

. . . This is truly horrendous. I just got the 5.1 update. To think they would have made it so much worse is truly hard to believe.

I, for one, am truly stunned.

THIS IS THE BIGGEST SECURITY RISK IN THE HISTORY OF OSX! DO NOT USE SAFARI!

It is a little unnerving to watch what gets loaded onto my computer. If I could, I'd delete Safari altogether.

No doubt Safari works in LION! Just pay $30 and you can browse the internet securely again.

I was hoping 5.1 would fix what was misbehaving in 5.0.5. But the update just made it worse. So I doubt upgrading to Lion will fix what's broken in Safari.

This isn't the first time an update to Safari caused big problems for me. It's just the first time I couldn't sort it out. So I am reluctant to apply any further upgrades and/or updates.

I need my computer. I don't have time to troubleshoot software quirks and/or find workarounds for software incompatibility---and the last thing I want is to destabilize the whole system.

So there is no way I will take a chance with an upgrade to Lion.

No way.

Silkroad wrote:

I formerly led application software development, and when I encounter problems like those Safari currently is experiencing with cookies, I revert back to my troubleshooting background to try and help the developers quickly identify the issues and fix them. That's all I'm doing here -- just trying to help them.

It's my understanding these are user-to-user forums, so I don't think anyone from Apple is reading this forum to find out what is happening with their software.

I think the best way to get word to Apple would be to use the "report bug" feature in Safari itself. Or you can report the problem at Safari Feedback.

stuff happens.

Stuff needs to un-happen, too. ASAP.

Silkroad wrote:

My mistake. Obviously I shouldn't post to discussion forums, for it just opens discussions to unpleasantness.

Sorry for bringing out anger and frustration in users.

Silkroad,

People were frustrated by what happened with the 10.6.8 update, and that's what got them to google the situation and find this thread. You have not frustrated anyone, and your succinct posts have clearly described the issues we are all experiencing. I was glad to find this thread, because then I knew that the issue was not unique. I'm presently using Opera as my default browser, and FireFox when I need to use cookies.

Silkroad wrote:

My mistake. Obviously I shouldn't post to discussion forums . . .

I did not even know about the cookie-dilemma before I read about it in this forum. So I'm sincerely grateful somebody brought it up on these forums.

I've been checking the forums nearly every day hoping someone might find a fix, but so far, no luck.

. . . for it just opens discussions to unpleasantness.

Sorry for bringing out anger and frustration in users.

I apologize if I came across unpleasantly. That wasn't my intention. I appreciate your input, Silkroad.

I believe 99% of the problems people have with their computers are user-error. So when I encountered the cookie-problem, I figured it was something I did, maybe a setting somewhere that is in conflict with Safari preferences.

I want Safari to work. I really enjoyed my RSS feeds and the Safari Reader. I like the way Safari organizes bookmarks. It got so much of the clutter and noise off my computer screen, enabling a very pleasant experience. So I want to know why Safari has become so unstable for me---but more than anything, I want it to work.

I figure the more people who report the problem to Apple, the more likely we are to get a fix. That's why I left a link to Safari Feedback in my previous post.

Again, I apologize if I came across unpleasantly frustrated, and thanks again for your input, Silkroad.

It's good to know I'm not the only one.

Just to let everyone know, the 10.6.8 Supplemental Update released today does not address the Safari security issue.

Has anyone spoken with apple regarding this? I can't find anything online about it except this thread - is it just us?

does apple have a position?

richardfromgreenvale wrote:

I can't find anything online about it except this thread - is it just us?

I've read numerous threads on this forum detailing the problem. I also read about it on the MacRumors forum. But I haven't read any solutions yet. Nor have I seen anything about it on any Mac-blogs (like MacFixIt or Mac Observer).

Has anyone spoken with apple regarding this?

I've used the Safari Feedback form twice (once for 5.0.5 and once for 5.1), and before that, I used the "report bugs" link in Safari itself to describe the problem(s) I'm having.

does apple have a position?

I've read the following on a document related to Apple Security Updates:

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

So even if Apple knows about it, they'll keep a lid on it until a fix has been worked out.

Incidentally, when I visited the Product Security website, near the top of the page, I saw an email address (product-security@apple.com) to use to "report security issues that affect Apple products."

So . . . it's probably a good idea to email Apple at that address about the Safari cookie problem.

This may be overly simple but in Safari 5.1 the preference setting is to block cookies, so if you set the pref to "Never" it will never block cookies. You have to set it to "Always".

-------------------------------

OK my mistake - Safari seems to allow cookies no matter what the setting. This really should get fixed asap.

No doubt Safari works in LION!

Sorry, but it doesn't. I'm seeing similar behavior from Safari 5.1 under Lion, including cookies that, when deleted, reappear within a second or two. When I delete them a second time, they stay deleted—until the next time I visit a site that re-deposits them. I can't identify the origin of these cookies, but I assume they're all or mostly ad-related.

This is a major nuisance, and I hope Apple fixes the Safari cookie issue ASAP!

went to the apple store yesterday and tried safari on a Lion MBP..... of course it worked fine. I then spoke to an apple guy in the store and he said he was aware of the problem with Safari and that apple would probably fix it soon enough.

I'm pretty sure they have been advised NOT to talk about it to the extent of telling us when, why, and how but it's been over a month with more than a couple of subsequent updates...... I was also advised NOT to update yet to LION untill all the bugs are worked out, because i use CS5 and Microsoft Office 11 for my business (advertising).

WEll, that's just great...Possibly the most important tools creative types use and apple has decided to **** us off so we could make pictures larger with our thumb and index finger..... Given their recent track record with ruinng Final Cut Pro i wonder how long it will be till steve Jobs starts dressing like Bill Gates.