Cookie Settings for Opera 9.61+

What's new?

The global cookie settings have been simplified a little and Opera now supports Site-specific Preferences, which allow you to change the cookie settings on a per-site basis.

The cookie settings under "tools -> preferences -> advanced -> cookies" are referred to as the "global cookie settings" (as opposed to the ones for a site preference).

The cookie settings for a site preference are under "tools -> preferences -> advanced -> content -> manage site preferences -> the site -> edit -> cookies tab".

When you create a site preference, you create it for a certain domain. The domain can be a top-level domain (com), a second-level domain (test.com), or a third-level domain (sub.test.com) etc.

'domain' will be used below to refer to the domain the site preference is for. 'subdomains' will be used below to refer to nth-level domains that are automatically inherited under the site preference domain. 'remote domains' will refer to totally different domains that are considered cross-site.

As in Opera 8.x, you have awesome control over the rules Opera follows. You have default rules, and just like the server manager in 8.x, you can use Site preferences to add exceptions and even exceptions to those exceptions. You can do whitelisting, blacklisting, inheritance and anything in between.

Inherited cookie settings

If you add test.com as a site preference, its cookie setting automatically applies to sub.test.com as well. If you also have a sub.test.com site preference, its cookie setting doesn't do anything, so you can ignore it. You need to edit the cookie setting in the site preference for test.com instead.

Now, if you want sub1.test.com and sub2.test.com to have different cookie settings, you should not create a test.com site preference. You should create sub1.test.com and sub2.test.com site preferences and set their cookie settings to what you want.

This way, you have control over the inheritance.

An example of this:

1. Set google.com to "Accept cookies" or "Accept only cookies from the site I visit".
2. Set mail.google.com to "Never accept cookies".

In this case, the mail.google.com setting doesn't do anything because it's controlled by google.com's.

That way, you can cover all google services at once if you want.

It is important that you keep inheritance in mind when editing domains in Site preferences, so you get the desired result. This is especially important when you right-click on a page and edit site preferences. You need to take note of the exact domain you're editing. If it's not the exact domain you want to edit, use "manage site preferences" in Opera's preferences to manually add/edit the exact domain you want.

Block all cookies for all domains by default, but add exceptions

1. Set the global to "Never accept cookies".

2. To add an exception, create a site preference for the domain you want and set it to "Accept cookies" or "Accept only cookies from the site I visit".

If you set the site preference to "Accept only cookies from the site I visit", while visiting this domain, only content that resides on this domain can set cookies. Also, automatic redirects from this domain to another will cause the redirected-to domain to not be able to set cookies.

If you set the site preference to "Accept cookies", while visiting this domain, in addition to the cookies allowed by the "Accept only cookies from the site I visit" rule, content coming from a remote domain can set cookies for its corresponding domain and subdomains IF AND ONLY IF the remote domain also has a site preference that allows cookies for itself. This means that if you want to allow remote domains while visiting this domain, you need to manually add a site preference for each remote domain and set it to "Accept only cookies from the site I visit" or "Accept cookies". In addition, if you have a site that supports OpenID, you need to add both the site and the OpenID site to Site Preferences and set both of them to "Accept cookies".

In this case, "Accept cookies" for a site preference DOES NOT cause Opera to behave as if the global is set to "Accept cookies". It's more like, "Accept only cookies that are allowed by Site Preferences". This way you're not automatically getting opted in to remote domains. You have to explicitly add a preference for domains you want to allow.

Accept all cookies for all domains by default, but add exceptions

Set the global to "Accept cookies".

While visiting a domain, if you want to block remote content from setting cookies for its own domain, add the site you're visiting to Site preferences and set its cookie setting to "Accept only cookies from the site I visit".

While visiting a domain, if you want to block all content on the domain and all content from remote domains from setting cookies, add the domain you're visiting to Site preferences and set its cookie setting to "Never accept cookies".

Block remote content from setting cookies by default, but add exceptions

Set the global to "Accept only cookies from the site I visit".

With this setting, while visiting a domain, only content coming from the domain can set cookies.

Also, if you are automatically redirected from one domain to another, the redirected-to domain will not be able to set cookies. See 3.3.6 in RFC 2965. If you don't like this rule, you can uncheck "Enable automatic redirection" in Opera's network preferences and click through all the redirects. Then, the redirected-to domain will be allowed to set cookies. Also note that other browsers, when you turn off 3rd party cookies, violate this RFC rule and still allow some 3rd party cookies.

However, like the other settings, this can be overridden with a Site preference.

While visiting the domain, if you want to allow remote content to set cookies for the remote content's domain, add the domain you're visiting (not the remote domain) to site preferences and set its cookie setting to "Accept cookies". (This is currently broken in Opera. "Accept cookies" doesn't do anything in this case.)

If you want to block a domain from setting cookies, set its cookie setting to "Never accept cookies".

localhost

localhost cookies will be stored under localhost.$localfile$ in the cookie manager. If you want a Site Preference to control localhost cookies, add a site preference for localhost.

If you have a local Apache server running, for example, and visit an http://localhost/ page that sets cookies, the cookies should appear under 'localhost' in the cookie manager. The localhost site preference should control the cookie permissions for it. However, for local servers, it's better to use http://127.0.0.1/ so that its cookies appear under 127.0.0.1 and are controlled by a 127.0.0.1 Site Preference.

Dealing with Corruption

If Opera starts acting up with how it follows the cookie settings (like rejecting all cookies even though you have the global set to "Accept cookies" and have no site preferences), something might be corrupted.

To fix this:

1. Close Opera.

2. Delete cookies4.dat in your profile directory.

3. Delete override.ini in your profile directory.

That should fix things by really wiping out cookies and site preferences.

Examples

Log in to flickr:

Global: Never accept cookies
yahoo.com: Accept cookies
flickr.com: Accept only cookies from the site I visit

Log in to stackoverflow:

Global: Never accept cookies
stackoverflow.com: Accept cookies
myopenid.com: Accept cookies
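
The inheritance rule and the "Block all cookies for all domains by default" rules above can be written as a small decision function. This is an added example that models what this page describes, not Opera's own code; the function names and the host names (login.yahoo.com, www.flickr.com, tracker.example, news.example) are constructed for illustration. It covers only a global setting of "Never accept cookies" and does not model automatic redirects.

```javascript
// Model of the rules this page describes for a global setting of
// "Never accept cookies". Not Opera code; all names are illustrative.
const NEVER = "Never accept cookies";
const SITE_ONLY = "Accept only cookies from the site I visit";
const ACCEPT = "Accept cookies";

// Return the site preference that governs `host`. Per the page, a
// preference on test.com makes one on sub.test.com do nothing, so the
// highest-level matching domain wins (the search starts at the TLD).
function governingPref(prefs, host) {
  const labels = host.toLowerCase().split(".");
  for (let i = labels.length - 1; i >= 0; i--) {
    const domain = labels.slice(i).join(".");
    if (Object.prototype.hasOwnProperty.call(prefs, domain)) {
      return { domain, setting: prefs[domain] };
    }
  }
  return null; // no site preference: the global setting applies
}

// True if `host` is `domain` itself or one of its subdomains.
function isUnder(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// May content from `contentHost` set a cookie while the user is
// visiting `visitedHost`? Global setting: "Never accept cookies".
function canSetCookie(prefs, visitedHost, contentHost) {
  const visited = governingPref(prefs, visitedHost);
  // No exception for the visited site, or an explicit block: refuse.
  if (!visited || visited.setting === NEVER) return false;
  // Content on the visited site preference domain or its subdomains.
  if (isUnder(contentHost, visited.domain)) return true;
  // SITE_ONLY stops here: remote content is never allowed.
  if (visited.setting === SITE_ONLY) return false;
  // ACCEPT: remote content is allowed only if the remote domain has
  // its own site preference that allows cookies for itself.
  const remote = governingPref(prefs, contentHost);
  return remote !== null && remote.setting !== NEVER;
}

// Constructed preference sets taken from the examples on this page.
const flickrLogin = { "yahoo.com": ACCEPT, "flickr.com": SITE_ONLY };
const inherited = { "google.com": ACCEPT, "mail.google.com": NEVER };
```

With `flickrLogin`, flickr.com content can set cookies while you are on a yahoo.com page, but yahoo.com content cannot set cookies while you are on a flickr.com page, and a remote domain with no site preference is refused in both cases.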

Note

This documentation is unofficial. It is developed from messing with the different configs. It should be accurate, but there could be mistakes. If so, please leave a comment or PM http://my.opera.com/burnout426/

Last edited on October 27th, 2008.
