This plugin manipulates cookie handling in firefox. When a request is
sent, the url is checked against a list of regexes, and if it matches, the
corresponding suffix is added to the domain in the url and cookies are added
to the request based on this modified url. When a response is recieved, the
url of is checked against the same list of regexes, and if it matches, the
cookies are added with a domain suffix.
Download link/changelog
The latest version 1.0.5.1, is available by clicking
here.
How to configure
The configuration dialog is under Tools/Add-ons. And it's somewhat
difficult to use. What the buttons do first...
- Up / Down: These move the selected rule up or down (the rules are
processed top down); If you click it repeatedly, it moves the same rule up
or down, but the highlight doesn't move.
- New Regex: This changes to the rule edit screen (described below);
make sure to hit save if you want to save, if you just hit OK (at the
bottom), it won't be saved. The new rule is added to the bottom of the
list.
- Edit Regex: This changes to the rule edit screen for the selected rule (described below);
make sure to hit save if you want to save, if you just hit OK (at the
bottom), it won't be saved.
- Delete regex: deletes the selected rule.
What a rule means / fields in the edit screen:
- urlregex: If this regex matches the url of a request, cookie mangling
will happen (subject to cookieregex)
- cookieregex (out of order): If this is set, cookie managling will only
happen if the cookie name matches the regex
- suffix: this will be added to the domain name of matching cookies. If the
suffix is blank, the cookie is not mangled. The first rule that matches is
the only suffix processed, so setting the suffix to blank lets you add an
exception to processing.
Example
Assumptions:
- example.org has a public production login system at login.example.org, which uses cookies with names
user and auth in domain .example.org.
- example.org has an alpha login system, at alpha.login.example.org,
which also uses cookies named user and auth, in .example.org.
- example.org also has an employee only login system, that uses a
cookie named employee, in domain .example.org. This auth system is in
parallel to the public/alpha systems
- In general, hostnames of the type corp.example.org should use the alpha
login system.
- In specific, debug.corp.example.org needs to have production login
cookies.
- Employees may want to be logged into the production, alpha, and
employee login systems simultaneously.
With normal cookie handling, and this setup, if someone logs into the
alpha login system, they are logged out of the production system; but they
can be logged into either alpha or production (or neither) and the employee
system. With MultiCookie, they can be logged into all three simultaneously, in a single
browser instance. Here's how to do it:
| url regex | cookie domain suffix | cookie
regex | notes |
|---|
| corp.example.org | | employee | Add an exception
for the employee login system |
| debug.corp.example.org | | | Add an exception
for debug.corp.example.org |
| corp.example.org | corp | | Add the suffix .corp
to all cookies while talking to corp.example.org machines |
| alpha.login.example.org | corp | | Add the suffix .corp
to all cookies from alpha.login as well |
After doing this, if you log into the alpha login, and then look in
Firefox's cookie viewer, you'll see the user and auth cookies listed in the
domain .example.org.corp. If you visit newproduct.corp.example.org, and it
sets a cookie in the domain newproduct.corp.example.org, this would show up
in the cookie viewer as newproduct.corp.example.org.corp.
History
- 1.0.5.1 adds: public key signature, so I can serve updates with http
- 1.0.5 adds: fixes issues with Set-Cookie ending with ;
- 1.0.4 adds: will install with Firefox 3
- 1.0.3 adds: rules to match cookie names. Provisions for auto update.
- 1.0.2 adds: support for blank suffix, means "don't change behavior",
can be used as an exception to a broader rule
Questions/Comments
Send questions, comments, or patches (especially patches! the UI sucks) to multicookie@enslaves.us