Just Solve the File Format Problem - User contributions [en]

Netscape cookies.txt

2022-12-08T23:37:10Z

KlfJoat: Add to .txt category

{{FormatInfo
|formattype=electronic
|subcat=Web
|subcat2=Web browser files
}}

In the past, the Netscape browser was so dominant that many tools emulated its cookie file format. The browser market moved on, but the <code>'''cookies.txt'''</code> file format remains in use by fundamental and popular tools such as [https://curl.se/ curl], [https://www.gnu.org/software/wget/ wget], and [https://youtube-dl.org/ youtube-dl], as well as many others.

== File format ==
Officially, the first line of the file must be one of the following:
* <code># HTTP Cookie File</code>
* <code># Netscape HTTP Cookie File</code>

Fields are [[Tab delimited|separated by tab characters]] (<code>\t</code> or <code>\009</code> or <code>0x09</code>).

Lines are separated by the newline format in use by the running operating system. That means <code>CRLF</code> (<code>\r\n</code>) for Windows and <code>LF</code> (<code>\n</code>) for Unix-like systems such as Linux, macOS, FreeBSD, etc.

The 7 fields are as follows.

{| class="wikitable" style="margin-left: 0px; margin-right: auto;"
|+ Human-Friendly Schema
|-
! Field Name !! Type !! Example Value || Notes
|-
| host || string || <code>example.com</code> || Hostname that owns the cookie
|-
| subdomains || boolean string || <code>FALSE</code> || Include subdomains (old attempt at SameSite)
|-
| path || string || <code>/</code> || Pathname that owns the cookie at the host
|-
| isSecure || boolean string || <code>TRUE</code> || Send/receive cookie over HTTPS only.
|-
| expiry || number || <code>1663611142</code> || Cookie expiration in standard [[Unix time|Unix timestamp]] format
|-
| name || string || <code>cookiename</code> || Cookie name
|-
| value || string || <code>cookievalue</code> || Cookie value
|}

== Example file ==
# HTTP Cookie File
example.com FALSE / TRUE 1663611142 cookiename cookievalue
example.net FALSE / FALSE 1125326700 cookiename cookievalue
example.org TRUE / FALSE 1000210440 cookiename cookievalue
example.com FALSE /a/ FALSE 1596693600 cookiename cookievalue

== Extract cookies to Netscape cookies.txt format ==
This is a common need so extensions exist for Chrome and Firefox.
* [https://chrome.google.com/webstore/detail/get-cookiestxt/bgaddhkoddajcdgocldbbfleckgcbcid/ Chrome - Get cookies.txt]
* [https://addons.mozilla.org/en-US/firefox/addon/cookies-txt/ Firefox - cookies.txt]

=== Code snippet to extract cookies from Mozilla Firefox to Netscape cookies.txt format ===
It may be useful to extract your own cookies by running a script. This is a small excerpt of a larger script, so it will not run alone as-is. This portion will take a [[Firefox cookie database]], convert it to cookies.txt format, then echo it to <code>stdout</code>. The work before this snippet plus capturing the output are beyond the scope of this page.

Because of format changes, some data type conversions must be performed during the extract. This is done in the <code>case</code> statements.

'''This snippet of code is not compatible with the Multi-Account Container Extension or the Facebook Container Extension. Multiple cookies that match the same host/path/name tuple might be output. Depending on the website and the way the cookies.txt file is parsed by the tool you're using, you may find inconsistent, unexpected, or contradictory behavior.'''

Prerequisites:
* A Bourne-compatible shell with support for [https://en.wikipedia.org/wiki/Here_document here documents], such as <code>sh</code>, <code>csh</code>, <code>tcsh</code>, <code>ksh</code>, <code>bash</code>, and <code>zsh</code> to name a few.
* The sqlite3 binary.

echo "# HTTP Cookie File"
sqlite3 -separator ' ' "cookies.sqlite" <<- EOF
.mode tabs
.header off
select host,
case substr(host,1,1)='.' when 0 then 'FALSE' else 'TRUE' end,
path,
case isSecure when 0 then 'FALSE' else 'TRUE' end,
expiry,
name,
value
from moz_cookies;
EOF

Firefox locks the <code>cookies.sqlite</code> file while running. If you want to run the above script you must either exit Firefox or copy the file to a temporary location.

== Notes ==
* The [https://github.com/yt-dlp/yt-dlp yt-dlp] project supports pulling cookies from the browser natively with <code>--cookies-from-browser</code> as well as the legacy cookies.txt format.

== Links ==
* [https://everything.curl.dev/http/cookies/fileformat cURL cookie file format]

[[Category:Text-based data]]
[[Category:File formats with a distinctive filename]]
[[Category:File formats with extension .txt]]

Firefox cookie database

2022-10-05T17:31:42Z

KlfJoat: Links, brackets, and parentheses.

{{FormatInfo
|formattype=electronic
|subcat=Web
|subcat2=Web browser files
}}

Cookies in Firefox are stored in an [[SQLite]] format database found in the file '''cookies.sqlite''' in the currently-active user profile directory (exact path is system-dependent). Also, the write-ahead-logging and shared-memory files '''cookies.sqlite-wal''' and '''cookies.sqlite-shm''' are used, but the latter two are re-integrated into the main database file and deleted when you close the browser.

The structure is seen in this SQL command embedded in the file:

<code>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, isSecure INTEGER, isHttpOnly INTEGER, baseDomain TEXT, creationTime INTEGER)</code>

== Firefox Contextual Identity Project (Containers) ==
Firefox has implemented OriginAttributes in internal APIs to support features like [https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ Multi-Account Containers]. Based on that, the same cookie name at the same host on the same path may return multiple values due to different originAttributes values (representing different containers).

As of Firefox 104 (released 2022-08-23), the '''cookies.sqlite''' schema is:

<code><nowiki>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, originAttributes TEXT NOT NULL DEFAULT '', name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, creationTime INTEGER, isSecure INTEGER, isHttpOnly INTEGER, inBrowserElement INTEGER DEFAULT 0, sameSite INTEGER DEFAULT 0, rawSameSite INTEGER DEFAULT 0, schemeMap INTEGER DEFAULT 0, CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))</nowiki></code>

{| class="wikitable" style="margin-left: 0px; margin-right: auto;"
|+ Human-Friendly Schema
|-
! Field Name !! Type !! Schema !! Notes
|-
| <code>id</code> || <code>INTEGER</code> || <code>PRIMARY KEY</code> || SQLite unique row ID
|-
| <code>originAttributes</code> || <code>TEXT</code> || <code><nowiki>NOT NULL DEFAULT ''</nowiki></code> || Values mapped to containers in <code>conatiners.json</code>. Some containers, like the one for extensions (<code>userContextIdInternal.webextStorageLocal</code>), will always exist even if the Multi-Account Container or Firefox Container extensions are not installed.
|-
| <code>name</code> || <code>TEXT</code> || || Cookie name
|-
| <code>value</code> || <code>TEXT</code> || || Cookie value
|-
| <code>host</code> || <code>TEXT</code> || || Hostname that owns the cookie
|-
| <code>path</code> || <code>TEXT</code> || || Pathname that owns the cookie at the host
|-
| <code>expiry</code> || <code>INTEGER</code> || || Cookie expiration in standard [[Unix time|Unix timestamp]] format
|-
| <code>lastAccessed</code> || <code>INTEGER</code> || || Cookie last accessed time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>creationTime</code> || <code>INTEGER</code> || || Cookie creation time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>isSecure</code> || <code>INTEGER</code> || || Send/receive cookie over HTTPS only. Set in Set-Cookie header
|-
| <code>isHttpOnly</code> || <code>INTEGER</code> || || Access to the cookie via client-side script is prevented. Set in Set-Cookie header
|-
| <code>inBrowserElement</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=756648#c11 Legacy Firefox OS setting to create "cookie jars"]
|-
| [https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute <code>sameSite</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || Cookies should only be readable by the same site that set them. Set in Set-Cookie header
|-
| <code>rawSameSite</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19 "Preserve the 'on the wire' value (of the SameSite cookie), meaning the value found in the Set-Cookie header"]
|-
| [https://web.dev/schemeful-samesite/ <code>schemeMap</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1638358#c0 Consider different "schemes" (meaning http vs https) to be different sites]
|}

The '''<code>CONSTRAINT</code>''' clause makes SQLite require the quadruple of <code>name</code>, <code>host</code>, <code>path</code>, <code>originAttributes</code> to be unique.

== Datetime formats ==
There are 3 dateime fields: '''expiry''', '''lastAccessed''', and '''creationTime'''.

<code>expiry</code> is stored in standard [[Unix time|Unix timestamp]] format. In SQLite, this can be converted to a human-readable format with <code>datetime("expiry", 'unixepoch')</code>.

However, <code>lastAccessed</code> and <code>creationTime</code> are in microseconds since the [[Unix time|Unix epoch]]. To convert to a human-readable format in SQLite use <code>datetime(("creationTime"/1000000),'unixepoch')</code>.

== Links ==
* [http://news.cnet.com/8301-1023_3-57591052-93/ad-group-blasts-cookie-privacy-project-from-mozilla-stanford/ Ad group blasts cookie-privacy project from Mozilla, Stanford]
* [http://blogs.computerworlduk.com/open-enterprise/2013/08/did-you-know-that-mozilla-is-hijacking-the-internet/index.htm Commentary on Digital Advertising Alliance's criticism of Mozilla]
* [https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ Self-destructing cookie plugin: removes cookies when you close a tab]
* [https://www.i-dont-care-about-cookies.eu/ Plugin to get rid of cookie warnings]
* [https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers Mozilla Wiki - Security/Contextual Identity Project/Containers]

[[Category:SQLite based file formats]]
[[Category:Mozilla]]

Firefox cookie database

2022-09-20T00:22:46Z

KlfJoat: fix hyperlink

{{FormatInfo
|formattype=electronic
|subcat=Web
|subcat2=Web browser files
}}

Cookies in Firefox are stored in an [[SQLite]] format database found in the file '''cookies.sqlite''' in the currently-active user profile directory (exact path is system-dependent). Also, the write-ahead-logging and shared-memory files '''cookies.sqlite-wal''' and '''cookies.sqlite-shm''' are used, but the latter two are re-integrated into the main database file and deleted when you close the browser.

The structure is seen in this SQL command embedded in the file:

<code>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, isSecure INTEGER, isHttpOnly INTEGER, baseDomain TEXT, creationTime INTEGER)</code>

== Firefox Contextual Identity Project (Containers) ==
Firefox has implemented OriginAttributes in internal APIs to support features like [https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ Multi-Account Containers]. Based on that, the same cookie name at the same host on the same path may return multiple values due to different originAttributes values (representing different containers).

As of Firefox 104 (released 2022-08-23), the '''cookies.sqlite''' schema is:

<code><nowiki>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, originAttributes TEXT NOT NULL DEFAULT '', name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, creationTime INTEGER, isSecure INTEGER, isHttpOnly INTEGER, inBrowserElement INTEGER DEFAULT 0, sameSite INTEGER DEFAULT 0, rawSameSite INTEGER DEFAULT 0, schemeMap INTEGER DEFAULT 0, CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))</nowiki></code>

{| class="wikitable" style="margin-left: 0px; margin-right: auto;"
|+ Human-Friendly Schema
|-
! Field Name !! Type !! Schema !! Notes
|-
| <code>id</code> || <code>INTEGER</code> || <code>PRIMARY KEY</code> || SQLite unique row ID
|-
| <code>originAttributes</code> || <code>TEXT</code> || <code><nowiki>NOT NULL DEFAULT ''</nowiki></code> || Values mapped to containers in <code>conatiners.json</code>. Some containers, like the one for extensions (<code>userContextIdInternal.webextStorageLocal</code>), will always exist even if the Multi-Account Container or Firefox Container extensions are not installed.
|-
| <code>name</code> || <code>TEXT</code> || || Cookie name
|-
| <code>value</code> || <code>TEXT</code> || || Cookie value
|-
| <code>host</code> || <code>TEXT</code> || || Hostname that owns the cookie
|-
| <code>path</code> || <code>TEXT</code> || || Pathname that owns the cookie at the host
|-
| <code>expiry</code> || <code>INTEGER</code> || || Cookie expiration in standard [[Unix time|Unix timestamp]] format
|-
| <code>lastAccessed</code> || <code>INTEGER</code> || || Cookie last accessed time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>creationTime</code> || <code>INTEGER</code> || || Cookie creation time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>isSecure</code> || <code>INTEGER</code> || || Send/receive cookie over HTTPS only. Set in Set-Cookie header
|-
| <code>isHttpOnly</code> || <code>INTEGER</code> || || Access to the cookie via client-side script is prevented. Set in Set-Cookie header
|-
| <code>inBrowserElement</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=756648#c11 Legacy Firefox OS setting to create "cookie jars"]
|-
| [https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute <code>sameSite</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || Cookies should only be readable by the same site that set them. Set in Set-Cookie header
|-
| <code>rawSameSite</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19 "Preserve the 'on the wire' value [of the SameSite cookie, meaning] the value found in the Set-Cookie header"]
|-
| [https://web.dev/schemeful-samesite/ <code>schemeMap</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1638358#c0 Consider different "schemes" (meaning http vs https) to be different sites]
|}

The '''<code>CONSTRAINT</code>''' clause makes SQLite require the quadruple of <code>name</code>, <code>host</code>, <code>path</code>, <code>originAttributes</code> to be unique.

== Datetime formats ==
There are 3 dateime fields: '''expiry''', '''lastAccessed''', and '''creationTime'''.

<code>expiry</code> is stored in standard [[Unix time|Unix timestamp]] format. In SQLite, this can be converted to a human-readable format with <code>datetime("expiry", 'unixepoch')</code>.

However, <code>lastAccessed</code> and <code>creationTime</code> are in microseconds since the [[Unix time|Unix epoch]]. To convert to a human-readable format in SQLite use <code>datetime(("creationTime"/1000000),'unixepoch')</code>.

== Links ==
* [http://news.cnet.com/8301-1023_3-57591052-93/ad-group-blasts-cookie-privacy-project-from-mozilla-stanford/ Ad group blasts cookie-privacy project from Mozilla, Stanford]
* [http://blogs.computerworlduk.com/open-enterprise/2013/08/did-you-know-that-mozilla-is-hijacking-the-internet/index.htm Commentary on Digital Advertising Alliance's criticism of Mozilla]
* [https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ Self-destructing cookie plugin: removes cookies when you close a tab]
* [https://www.i-dont-care-about-cookies.eu/ Plugin to get rid of cookie warnings]
* [https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers Mozilla Wiki - Security/Contextual Identity Project/Containers]

[[Category:SQLite based file formats]]
[[Category:Mozilla]]

Firefox cookie database

2022-09-19T22:57:28Z

KlfJoat: Wording for path

{{FormatInfo
|formattype=electronic
|subcat=Web
|subcat2=Web browser files
}}

Cookies in Firefox are stored in an [[SQLite]] format database found in the file '''cookies.sqlite''' in the currently-active user profile directory (exact path is system-dependent). Also, the write-ahead-logging and shared-memory files '''cookies.sqlite-wal''' and '''cookies.sqlite-shm''' are used, but the latter two are re-integrated into the main database file and deleted when you close the browser.

The structure is seen in this SQL command embedded in the file:

<code>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, isSecure INTEGER, isHttpOnly INTEGER, baseDomain TEXT, creationTime INTEGER)</code>

== Firefox Contextual Identity Project (Containers) ==
Firefox has implemented OriginAttributes in internal APIs to support features like [https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ Multi-Account Containers]. Based on that, the same cookie name at the same host on the same path may return multiple values due to different originAttributes values (representing different containers).

As of Firefox 104 (released 2022-08-23), the '''cookies.sqlite''' schema is:

<code><nowiki>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, originAttributes TEXT NOT NULL DEFAULT '', name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, creationTime INTEGER, isSecure INTEGER, isHttpOnly INTEGER, inBrowserElement INTEGER DEFAULT 0, sameSite INTEGER DEFAULT 0, rawSameSite INTEGER DEFAULT 0, schemeMap INTEGER DEFAULT 0, CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))</nowiki></code>

{| class="wikitable" style="margin-left: 0px; margin-right: auto;"
|+ Human-Friendly Schema
|-
! Field Name !! Type !! Schema !! Notes
|-
| <code>id</code> || <code>INTEGER</code> || <code>PRIMARY KEY</code> || SQLite unique row ID
|-
| <code>originAttributes</code> || <code>TEXT</code> || <code><nowiki>NOT NULL DEFAULT ''</nowiki></code> || Values mapped to containers in <code>conatiners.json</code>. Some containers, like the one for extensions (<code>userContextIdInternal.webextStorageLocal</code>), will always exist even if the Multi-Account Container or Firefox Container extensions are not installed.
|-
| <code>name</code> || <code>TEXT</code> || || Cookie name
|-
| <code>value</code> || <code>TEXT</code> || || Cookie value
|-
| <code>host</code> || <code>TEXT</code> || || Hostname that owns the cookie
|-
| <code>path</code> || <code>TEXT</code> || || Pathname that owns the cookie at the host
|-
| <code>expiry</code> || <code>INTEGER</code> || || Cookie expiration in standard [[Unix time|Unix timestamp]] format
|-
| <code>lastAccessed</code> || <code>INTEGER</code> || || Cookie last accessed time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>creationTime</code> || <code>INTEGER</code> || || Cookie creation time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>isSecure</code> || <code>INTEGER</code> || || Send/receive cookie over HTTPS only. Set in Set-Cookie header
|-
| <code>isHttpOnly</code> || <code>INTEGER</code> || || Access to the cookie via client-side script is prevented. Set in Set-Cookie header
|-
| <code>inBrowserElement</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=756648#c11 Legacy Firefox OS setting to create "cookie jars"]
|-
| [https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute <code>sameSite</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || Cookies should only be readable by the same site that set them. Set in Set-Cookie header
|-
| <code>rawSameSite</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19 "Preserve the 'on the wire' value [of the SameSite cookie, meaning] the value found in the Set-Cookie header"]
|-
| [https://web.dev/schemeful-samesite/ <code>schemeMap</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1638358#c0 Consider different "schemes" (meaning http vs https) to be different sites
|}

The '''<code>CONSTRAINT</code>''' clause makes SQLite require the quadruple of <code>name</code>, <code>host</code>, <code>path</code>, <code>originAttributes</code> to be unique.

== Datetime formats ==
There are 3 dateime fields: '''expiry''', '''lastAccessed''', and '''creationTime'''.

<code>expiry</code> is stored in standard [[Unix time|Unix timestamp]] format. In SQLite, this can be converted to a human-readable format with <code>datetime("expiry", 'unixepoch')</code>.

However, <code>lastAccessed</code> and <code>creationTime</code> are in microseconds since the [[Unix time|Unix epoch]]. To convert to a human-readable format in SQLite use <code>datetime(("creationTime"/1000000),'unixepoch')</code>.

== Links ==
* [http://news.cnet.com/8301-1023_3-57591052-93/ad-group-blasts-cookie-privacy-project-from-mozilla-stanford/ Ad group blasts cookie-privacy project from Mozilla, Stanford]
* [http://blogs.computerworlduk.com/open-enterprise/2013/08/did-you-know-that-mozilla-is-hijacking-the-internet/index.htm Commentary on Digital Advertising Alliance's criticism of Mozilla]
* [https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ Self-destructing cookie plugin: removes cookies when you close a tab]
* [https://www.i-dont-care-about-cookies.eu/ Plugin to get rid of cookie warnings]
* [https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers Mozilla Wiki - Security/Contextual Identity Project/Containers]

[[Category:SQLite based file formats]]
[[Category:Mozilla]]

Netscape cookies.txt

2022-09-19T22:57:01Z

KlfJoat: clarity on FF cookie file locking

Netscape cookies.txt

2022-09-19T22:55:22Z

KlfJoat: Create page with basic info

{{FormatInfo
|formattype=electronic
|subcat=Web
|subcat2=Web browser files
}}

In the past, the Netscape browser was so dominant that many tools emulated its cookie file format. The browser market moved on, but the <code>'''cookies.txt'''</code> file format remains in use by fundamental and popular tools such as [https://curl.se/ curl], [https://www.gnu.org/software/wget/ wget], and [https://youtube-dl.org/ youtube-dl], as well as many others.

== File format ==
Officially, the first line of the file must be one of the following:
* <code># HTTP Cookie File</code>
* <code># Netscape HTTP Cookie File</code>

Fields are [[Tab delimited|separated by tab characters]] (<code>\t</code> or <code>\009</code> or <code>0x09</code>).

Lines are separated by the newline format in use by the running operating system. That means <code>CRLF</code> (<code>\r\n</code>) for Windows and <code>LF</code> (<code>\n</code>) for Unix-like systems such as Linux, macOS, FreeBSD, etc.

The 7 fields are as follows.

{| class="wikitable" style="margin-left: 0px; margin-right: auto;"
|+ Human-Friendly Schema
|-
! Field Name !! Type !! Example Value || Notes
|-
| host || string || <code>example.com</code> || Hostname that owns the cookie
|-
| subdomains || boolean string || <code>FALSE</code> || Include subdomains (old attempt at SameSite)
|-
| path || string || <code>/</code> || Pathname that owns the cookie at the host
|-
| isSecure || boolean string || <code>TRUE</code> || Send/receive cookie over HTTPS only.
|-
| expiry || number || <code>1663611142</code> || Cookie expiration in standard [[Unix time|Unix timestamp]] format
|-
| name || string || <code>cookiename</code> || Cookie name
|-
| value || string || <code>cookievalue</code> || Cookie value
|}

== Example file ==
# HTTP Cookie File
example.com FALSE / TRUE 1663611142 cookiename cookievalue
example.net FALSE / FALSE 1125326700 cookiename cookievalue
example.org TRUE / FALSE 1000210440 cookiename cookievalue
example.com FALSE /a/ FALSE 1596693600 cookiename cookievalue

== Extract cookies to Netscape cookies.txt format ==
This is a common need so extensions exist for Chrome and Firefox.
* [https://chrome.google.com/webstore/detail/get-cookiestxt/bgaddhkoddajcdgocldbbfleckgcbcid/ Chrome - Get cookies.txt]
* [https://addons.mozilla.org/en-US/firefox/addon/cookies-txt/ Firefox - cookies.txt]

=== Code snippet to extract cookies from Mozilla Firefox to Netscape cookies.txt format ===
It may be useful to extract your own cookies by running a script. This is a small excerpt of a larger script, so it will not run alone as-is. This portion will take a [[Firefox cookie database]], convert it to cookies.txt format, then echo it to <code>stdout</code>. The work before this snippet plus capturing the output are beyond the scope of this page.

Because of format changes, some data type conversions must be performed during the extract. This is done in the <code>case</code> statements.

'''This snippet of code is not compatible with the Multi-Account Container Extension or the Facebook Container Extension. Multiple cookies that match the same host/path/name tuple might be output. Depending on the website and the way the cookies.txt file is parsed by the tool you're using, you may find inconsistent, unexpected, or contradictory behavior.'''

Prerequisites:
* A Bourne-compatible shell with support for [https://en.wikipedia.org/wiki/Here_document here documents], such as <code>sh</code>, <code>csh</code>, <code>tcsh</code>, <code>ksh</code>, <code>bash</code>, and <code>zsh</code> to name a few.
* The sqlite3 binary.

echo "# HTTP Cookie File"
sqlite3 -separator ' ' "cookies.sqlite" <<- EOF
.mode tabs
.header off
select host,
case substr(host,1,1)='.' when 0 then 'FALSE' else 'TRUE' end,
path,
case isSecure when 0 then 'FALSE' else 'TRUE' end,
expiry,
name,
value
from moz_cookies;
EOF

Firefox locks the <code>cookies.sqlite</code> file. If you want to run the above script you must either exit Firefox or copy the file to a temporary location.

== Notes ==
* The [https://github.com/yt-dlp/yt-dlp yt-dlp] project supports pulling cookies from the browser natively with <code>--cookies-from-browser</code> as well as the legacy cookies.txt format.

== Links ==
* [https://everything.curl.dev/http/cookies/fileformat cURL cookie file format]

[[Category:Text-based data]]

Web browser files

2022-09-19T21:43:42Z

KlfJoat: /* Cookies */

{{FormatInfo
|formattype=electronic
|subcat=Web
|thiscat=Web browser files
}}

Web browsers save a number of files, including bookmarks (or favorites) of web pages you want to revisit, configuration settings, temporary caches, and cookies stored by the browser when sent from sites you visit. Some of these are kept as permanent settings, while others are temporary and go away eventually.

== Bookmarks ==

* [[AOL Personal Filing Cabinet]] (includes bookmarks/favorites as well as email)
* [[Chrome bookmarks]]
* [[Firefox bookmarks]]
* [[Internet Explorer favorites]]
* [[Lynx bookmarks]]
* [[Mosaic hotlists]]
* [[Netscape bookmarks]]
* [[Safari bookmarks]]

== Caches and History files ==

* [[Chrome disk cache]]
* [[Firefox history file]]
* [[History.db]]
* [[HistoryIndex.sk]]
* [[History.plist]]
* [[Internet Explorer history file]]

== Configuration files ==

== Cookies ==
* [[Firefox cookie database]]
* [[Netscape cookies.txt]]
* [[libwww-perl cookie_jar]]
* [[Safari cookies]]

== Plug-ins and add-ons ==
* [[Google Toolbar Search History File]]

== Save and archive files ==
* [[Konqueror web archive]]
* [[Webarchive (Safari)]]

== Links ==
* [https://panopticlick.eff.org/ How unique and trackable is your browser?]
* [http://www.youtube.com/watch?v=s4zpL4VBbuU&feature=youtu.be Chrome for Android remote debugging (video)]
* [https://github.com/lclevy/firepwd/blob/master/mozilla_pbe.pdf Mozilla Password Based Encryption]

Firefox cookie database

2022-09-19T21:41:57Z

KlfJoat: Add info on current schema and multi-account containers, making it more human-readable than just a CREATE TABLE line by adding a table.

{{FormatInfo
|formattype=electronic
|subcat=Web
|subcat2=Web browser files
}}

Cookies in Firefox are stored in an [[SQLite]] format database found in the file '''cookies.sqlite''' in the currently-active user profile directory (exact path is system-dependent). Also, the write-ahead-logging and shared-memory files '''cookies.sqlite-wal''' and '''cookies.sqlite-shm''' are used, but the latter two are re-integrated into the main database file and deleted when you close the browser.

The structure is seen in this SQL command embedded in the file:

<code>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, isSecure INTEGER, isHttpOnly INTEGER, baseDomain TEXT, creationTime INTEGER)</code>

== Firefox Contextual Identity Project (Containers) ==
Firefox has implemented OriginAttributes in internal APIs to support features like [https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ Multi-Account Containers]. Based on that, the same cookie name at the same host on the same path may return multiple values due to different originAttributes values (representing different containers).

As of Firefox 104 (released 2022-08-23), the '''cookies.sqlite''' schema is:

<code><nowiki>CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, originAttributes TEXT NOT NULL DEFAULT '', name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, creationTime INTEGER, isSecure INTEGER, isHttpOnly INTEGER, inBrowserElement INTEGER DEFAULT 0, sameSite INTEGER DEFAULT 0, rawSameSite INTEGER DEFAULT 0, schemeMap INTEGER DEFAULT 0, CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))</nowiki></code>

{| class="wikitable" style="margin-left: 0px; margin-right: auto;"
|+ Human-Friendly Schema
|-
! Field Name !! Type !! Schema !! Notes
|-
| <code>id</code> || <code>INTEGER</code> || <code>PRIMARY KEY</code> || SQLite unique row ID
|-
| <code>originAttributes</code> || <code>TEXT</code> || <code><nowiki>NOT NULL DEFAULT ''</nowiki></code> || Values mapped to containers in <code>conatiners.json</code>. Some containers, like the one for extensions (<code>userContextIdInternal.webextStorageLocal</code>), will always exist even if the Multi-Account Container or Firefox Container extensions are not installed.
|-
| <code>name</code> || <code>TEXT</code> || || Cookie name
|-
| <code>value</code> || <code>TEXT</code> || || Cookie value
|-
| <code>host</code> || <code>TEXT</code> || || Hostname that owns the cookie
|-
| <code>path</code> || <code>TEXT</code> || || Pathname at that host that owns the cookie
|-
| <code>expiry</code> || <code>INTEGER</code> || || Cookie expiration in standard [[Unix time|Unix timestamp]] format
|-
| <code>lastAccessed</code> || <code>INTEGER</code> || || Cookie last accessed time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>creationTime</code> || <code>INTEGER</code> || || Cookie creation time in microseconds since the [[Unix time|Unix epoch]]
|-
| <code>isSecure</code> || <code>INTEGER</code> || || Send/receive cookie over HTTPS only. Set in Set-Cookie header
|-
| <code>isHttpOnly</code> || <code>INTEGER</code> || || Access to the cookie via client-side script is prevented. Set in Set-Cookie header
|-
| <code>inBrowserElement</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=756648#c11 Legacy Firefox OS setting to create "cookie jars"]
|-
| [https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute <code>sameSite</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || Cookies should only be readable by the same site that set them. Set in Set-Cookie header
|-
| <code>rawSameSite</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19 "Preserve the 'on the wire' value [of the SameSite cookie, meaning] the value found in the Set-Cookie header"]
|-
| [https://web.dev/schemeful-samesite/ <code>schemeMap</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1638358#c0 Consider different "schemes" (meaning http vs https) to be different sites
|}

The '''<code>CONSTRAINT</code>''' clause makes SQLite require the quadruple of <code>name</code>, <code>host</code>, <code>path</code>, <code>originAttributes</code> to be unique.

== Datetime formats ==
There are 3 dateime fields: '''expiry''', '''lastAccessed''', and '''creationTime'''.

<code>expiry</code> is stored in standard [[Unix time|Unix timestamp]] format. In SQLite, this can be converted to a human-readable format with <code>datetime("expiry", 'unixepoch')</code>.

However, <code>lastAccessed</code> and <code>creationTime</code> are in microseconds since the [[Unix time|Unix epoch]]. To convert to a human-readable format in SQLite use <code>datetime(("creationTime"/1000000),'unixepoch')</code>.

== Links ==
* [http://news.cnet.com/8301-1023_3-57591052-93/ad-group-blasts-cookie-privacy-project-from-mozilla-stanford/ Ad group blasts cookie-privacy project from Mozilla, Stanford]
* [http://blogs.computerworlduk.com/open-enterprise/2013/08/did-you-know-that-mozilla-is-hijacking-the-internet/index.htm Commentary on Digital Advertising Alliance's criticism of Mozilla]
* [https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ Self-destructing cookie plugin: removes cookies when you close a tab]
* [https://www.i-dont-care-about-cookies.eu/ Plugin to get rid of cookie warnings]
* [https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers Mozilla Wiki - Security/Contextual Identity Project/Containers]

[[Category:SQLite based file formats]]
[[Category:Mozilla]]

Firefox cookie database

2022-08-16T04:59:21Z

KlfJoat: Expand with information on how datetime fields are formatted