Firefox cookie database

From Just Solve the File Format Problem
(Difference between revisions)
Jump to: navigation, search
m (Wording for path)
m (Links, brackets, and parentheses.)
 
(One intermediate revision by one user not shown)
Line 49: Line 49:
 
| [https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute <code>sameSite</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || Cookies should only be readable by the same site that set them. Set in Set-Cookie header
 
| [https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute <code>sameSite</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || Cookies should only be readable by the same site that set them. Set in Set-Cookie header
 
|-
 
|-
| <code>rawSameSite</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19 "Preserve the 'on the wire' value [of the SameSite cookie, meaning] the value found in the Set-Cookie header"]
+
| <code>rawSameSite</code> || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19 "Preserve the 'on the wire' value (of the SameSite cookie), meaning the value found in the Set-Cookie header"]
 
|-
 
|-
| [https://web.dev/schemeful-samesite/ <code>schemeMap</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1638358#c0 Consider different "schemes" (meaning http vs https) to be different sites  
+
| [https://web.dev/schemeful-samesite/ <code>schemeMap</code>] || <code>INTEGER</code> || <code>DEFAULT 0</code> || [https://bugzilla.mozilla.org/show_bug.cgi?id=1638358#c0 Consider different "schemes" (meaning http vs https) to be different sites]
 
|}
 
|}
  

Latest revision as of 17:31, 5 October 2022

File Format
Name Firefox cookie database
Ontology

Cookies in Firefox are stored in an SQLite format database found in the file cookies.sqlite in the currently-active user profile directory (exact path is system-dependent). Also, the write-ahead-logging and shared-memory files cookies.sqlite-wal and cookies.sqlite-shm are used, but the latter two are re-integrated into the main database file and deleted when you close the browser.

The structure is seen in this SQL command embedded in the file:

CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, isSecure INTEGER, isHttpOnly INTEGER, baseDomain TEXT, creationTime INTEGER)

[edit] Firefox Contextual Identity Project (Containers)

Firefox has implemented OriginAttributes in internal APIs to support features like Multi-Account Containers. Based on that, the same cookie name at the same host on the same path may return multiple values due to different originAttributes values (representing different containers).

As of Firefox 104 (released 2022-08-23), the cookies.sqlite schema is:

CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, originAttributes TEXT NOT NULL DEFAULT '', name TEXT, value TEXT, host TEXT, path TEXT, expiry INTEGER, lastAccessed INTEGER, creationTime INTEGER, isSecure INTEGER, isHttpOnly INTEGER, inBrowserElement INTEGER DEFAULT 0, sameSite INTEGER DEFAULT 0, rawSameSite INTEGER DEFAULT 0, schemeMap INTEGER DEFAULT 0, CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))

Human-Friendly Schema
Field Name Type Schema Notes
id INTEGER PRIMARY KEY SQLite unique row ID
originAttributes TEXT NOT NULL DEFAULT '' Values mapped to containers in conatiners.json. Some containers, like the one for extensions (userContextIdInternal.webextStorageLocal), will always exist even if the Multi-Account Container or Firefox Container extensions are not installed.
name TEXT Cookie name
value TEXT Cookie value
host TEXT Hostname that owns the cookie
path TEXT Pathname that owns the cookie at the host
expiry INTEGER Cookie expiration in standard Unix timestamp format
lastAccessed INTEGER Cookie last accessed time in microseconds since the Unix epoch
creationTime INTEGER Cookie creation time in microseconds since the Unix epoch
isSecure INTEGER Send/receive cookie over HTTPS only. Set in Set-Cookie header
isHttpOnly INTEGER Access to the cookie via client-side script is prevented. Set in Set-Cookie header
inBrowserElement INTEGER DEFAULT 0 Legacy Firefox OS setting to create "cookie jars"
sameSite INTEGER DEFAULT 0 Cookies should only be readable by the same site that set them. Set in Set-Cookie header
rawSameSite INTEGER DEFAULT 0 "Preserve the 'on the wire' value (of the SameSite cookie), meaning the value found in the Set-Cookie header"
schemeMap INTEGER DEFAULT 0 Consider different "schemes" (meaning http vs https) to be different sites

The CONSTRAINT clause makes SQLite require the quadruple of name, host, path, originAttributes to be unique.

[edit] Datetime formats

There are 3 dateime fields: expiry, lastAccessed, and creationTime.

expiry is stored in standard Unix timestamp format. In SQLite, this can be converted to a human-readable format with datetime("expiry", 'unixepoch').

However, lastAccessed and creationTime are in microseconds since the Unix epoch. To convert to a human-readable format in SQLite use datetime(("creationTime"/1000000),'unixepoch').

[edit] Links

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox