Automatically Delete TEMP Folder in Windows (no installs required)

When I use Linux, I love that anything I place in /tmp will be wiped when I shut the system down. Windows, out of the box, doesn’t do this for your %TEMP% folder. Google this, and you’ll find many people advising to install one free tool or another. I am very wary of unnecessary installations on my Windows machines. The advice given here at WindowsForum.org requires no installations. It was meant for Windows XP Pro, but I found today that it worked just as well on my Windows 7 Professional system.

Unlike the fixed /tmp location in Linux, Windows determines the value of %TEMP% and creates that folder dynamically at every login. Firefox doesn’t seem to accept %TEMP% as a valid value in browser.download.dir on about:config. Therefore, I

  1. keep a sidebar shortcut to %TEMP% in Windows Explorer, and
  2. select “Always ask me where to save files” in the Downloads section of the General tab of the Options dialog.

That way, it is easy for me to select my %TEMP% folder when downloading in Firefox, as well as to access it from Windows Explorer.

How to Fix Firefox and Chrome Default of Retaining Session Cookies Insecurely

On last week’s episode of the Security Now podcast (Listener Feedback #147, transcript at http://www.grc.com/sn/sn-360.htm), listener Anthony in Melbourne, Australia informed Steve Gibson and the world of a surprising fact. Of the three major browsers, only Internet Explorer respects session cookies properly. By respects, I mean that any web site session cookie should only reside in transient memory and not be persisted to your hard drive.

It appears that for a while now, both Firefox and Chrome have, for the convenience of their users, restored session cookies between browser shut down and restart. This is convenient, but insecure. Only persistent cookies should restore in this way. A common example of the usage of persistent cookies is when you check “keep me logged in” or “remember me” when logging into a site.

Neither Mozilla nor Google seems inclined to revert to the correct secure behavior that IE has kept. If you really love using their browsers (like me), but want to fix this, I’ve given the steps below.

Firefox

As discussed on the podcast, the way to get the correct secure behavior back in Firefox is to browse to about:config, enter ‘sessionstore’ in the search box, and change browser.sessionstore.privacy_level from 0 to 2.
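
To confirm the setting took effect in every Firefox profile on a machine, the following added example (not part of the original post) reads each profile's prefs.js and user.js and reports the effective browser.sessionstore.privacy_level. It assumes a missing entry means the pref is still at 0, the starting value given above; the profile folder names and file contents in demo() are constructed.

```python
import re
import tempfile
from pathlib import Path

PREF = "browser.sessionstore.privacy_level"
DEFAULT = 0  # assumption: starting value, as stated in the post
# Matches lines such as: user_pref("browser.sessionstore.privacy_level", 2);
# Lines commented out with // do not match because of the ^\s* anchor.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*(-?\d+)\s*\)\s*;', re.M)


def read_pref(text):
    """Return the last integer value set for PREF in a prefs file, or None."""
    values = PREF_RE.findall(text)
    return int(values[-1]) if values else None


def effective_level(profile_dir):
    """Effective value for one profile: user.js overrides prefs.js."""
    level = DEFAULT
    for name in ("prefs.js", "user.js"):  # the later file wins
        path = Path(profile_dir) / name
        if path.is_file():
            value = read_pref(path.read_text(encoding="utf-8", errors="replace"))
            if value is not None:
                level = value
    return level


def audit(profiles_root):
    """Map each profile folder name to (level, ok); ok means level == 2."""
    report = {}
    for prefs in sorted(Path(profiles_root).glob("*/prefs.js")):
        level = effective_level(prefs.parent)
        report[prefs.parent.name] = (level, level == 2)
    return report


def demo():
    """Build two constructed profiles in a temp folder and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for name, line in (
            ("abcd1234.default", 'user_pref("browser.sessionstore.privacy_level", 2);\n'),
            ("wxyz9876.work", 'user_pref("browser.startup.page", 3);\n'),
        ):
            (Path(root) / name).mkdir()
            (Path(root) / name / "prefs.js").write_text(line, encoding="utf-8")
        return audit(root)
```

On Windows, pass `%APPDATA%\Mozilla\Firefox\Profiles` (expanded) to `audit()` to check the real profiles; any profile reported with `ok` set to False still has session cookies written to the session store.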

Chrome

I had to dig around for this one. It seems from the discussion at http://goo.gl/YyHiL that the session cookie-restoring behavior is only in the case where “Continue where I left off” is selected in Chrome’s settings. Note in the picture below, I did not have this set:

[Screenshot: Chrome settings with “Continue where I left off” not selected]

Make sure “Continue where I left off” is not selected in your browser either. In addition (from http://code.google.com/p/chromium/issues/detail?id=130291#c27): browse to chrome://flags, press CTRL-F, and enter ‘disable better’ to jump to the “Disable Better session restore” flag. Enable it.