View Issue Details

IDProjectCategoryView StatusLast Update
0020214phpList 3 applicationBrowser Issuespublic31-07-20 11:59
Reporterduncanc Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version3.5.0 
Target Version3.5.4Fixed in Version3.5.5 
Summary0020214: Firefox will soon reject the browsetrail cookie
DescriptionFirefox developer tools issues a warning about the browsetrail cookie.
TagsNo tags attached.



29-05-20 11:28



29-05-20 20:03

administrator   ~0063166

Resolved with

Assigning to @suela to handle the change log and versioning


30-05-20 07:59

updater   ~0063167

The same applies to the PHPSESSID cookie. The warning appears only once, so I missed that previously.


30-05-20 10:58

administrator   ~0063168

Interesting. I don't get that warning on PHPSESSID. I wonder if that's a system setting.
I guess it's time to take control of the session cookie and set our own, eg phpListSessID, so that we can explicitly control the way it is set.


30-05-20 11:27

administrator   ~0063169

the value on my system is empty, so I'm not sure why I didn't get the warning like you, as I should have.

This should resolve it:


04-07-20 06:09

updater   ~0063196

Last edited: 04-07-20 06:09

View 2 revisions

@michiel I have only just noticed that this change breaks the session handling for the kcfinder image browsing used in ckeditor.
Now not allowed to browse images, getting a pop-up "You don't have permissions to browse server".

Need to investigate what is happening but I suggest reverting this change.


04-07-20 09:39

administrator   ~0063197

It's probably because I renamed the session. I will check this today or tomorrow and then we can fix it.


04-07-20 09:40

administrator   ~0063198

It may also be the


which blocks Javascript from using the cookie.


04-07-20 17:28

updater   ~0063199

It is the session name that is the problem. I should have noticed this earlier because kcfinder uses the default session settings so currently does not work with a different session name or with the "sessions in database" approach.

Maybe if something can be added to config.php or just assume that the session is always going to be called "phpListSession", then I can change kcfinder. Maybe use the cms integration approach.


05-07-20 10:40

administrator   ~0063200

Yes, let's stick to having phpListSession as the session name. This will of course create a version dependency, but considering we bundle the CKeditor with phpList, that should be fine.

Are you happy to make the change?


05-07-20 14:54

administrator   ~0063201

I've submitted

This fixes it for me on my local system, but worth checking it works for you as well.


06-07-20 09:06

updater   ~0063202

There is a new release of the CKEditor plugin that includes the kcfinder session initialisation.