New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 30786 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Last visit 26 days ago
Closed: Jan 2010
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug
M-5

Restricted
  • Only users with EditIssue permission may comment.



Sign in to add a comment

Can't delete cookies with JavaScript and chromeframe

Reported by sembia...@gmail.com, Dec 18 2009

Issue description

ChromeFrame version: 4.0.266.0 (Official Build 33992)
WebKit: 532.6  V8: 2.0.31
IE8 Vista

Related URL(s): http://telparia.com/chromeframeDeleteCookieTest/

Steps to reproduce the issue:
1. Set a cookie server side with PHP or JSP
2. Delete the cookie with JavaScript
3. Read the cookie with JavaScript

What do you expect to happen?
You should get 'null' since the cookie has been deleted.

What do you see instead?
You see the value of the cookie.


If a cookie is set server side, you cannot delete the cookie with
JavaScript when running chromeframe.

Works in every other browser, including chrome and IE.

http://telparia.com/chromeframeDeleteCookieTest/

I've attached a sample index.php file and a index.jsp file, either one can
be used to reproduce the test along with the URL mentioned above.
 
index.php
1.3 KB View Download
index.jsp
1.2 KB View Download

Comment 1 by sembia...@gmail.com, Dec 18 2009

Note, if you CREATE the cookie client side, with JavaScript, then you can correctly
delete the cookie and when you read it back it's null.

It's only if the cookie was set by the HTTP response of the server for the page. Then
you can't delete it.
Labels: Mstone-5
Status: Available
Status: Fixed
New Revision: 35769

Log:
Deleting cookies by setting the expires attribute on them with an empty value would 
not work in ChromeFrame
with the host network stack enabled. When we receive a response in the host browser 
(IE) we send over the
response headers which include the Set-Cookie header and a list of cookies retreived 
via the InternetGetCookie
API. We call this API to retrieve the persistent cookies and send them over to 
Chrome.

However this API returns session cookies as well as persistent cookies. There is no 
documented way to return
only persistent cookies from IE. As a result we would end up setting duplicate 
cookies in Chrome, which caused
this issu.e. To workaround this issue when we receive the response in the url request 
automation job which
handles ChromeFrame network requests, we strip out duplicate cookies sent via 
InternetGetCookie.

When a script deletes a cookie we now handle it correctly in IE and set the data to 
an empty string. However
this does not delete the cookie. When such cookies show up in Chrome, we strip them 
out as well.

Fixes bug http://code.google.com/p/chromium/issues/detail?id=30786

The changes to chrome_frame_npapi.cc/.h are to move the NPAPI functions to the 
chrome_frame namespace as they
conflict with similar functions in NACL.

Added the DeleteCookie function to the CookieStore interface, which I think missed 
out by oversight.

Bug= 30786 
Test=Covered by ChromeFrame unit tests. I also added a unit test to test the newly 
added
    URLRequestAutomationJob::IsCookiePresentInCookieHeader function

Review URL: http://codereview.chromium.org/518054

Comment 5 by bugdro...@gmail.com, Jan 11 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=35769 

------------------------------------------------------------------------
r35769 | ananta@chromium.org | 2010-01-07 18:57:03 -0800 (Thu, 07 Jan 2010) | 25 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/automation_profile_impl.cc?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.cc?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.h?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/resource_message_filter.cc?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame.gyp?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_activex_base.h?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi.cc?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi_entrypoints.cc?r1=35769&r2=35768
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi_entrypoints.h
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/chrome_frame_unittests.cc?r1=35769&r2=35768
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/data/fulltab_delete_cookie_test.html
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/data/fulltab_delete_cookie_test.html.mock-http-headers
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/html_util_unittests.cc?r1=35769&r2=35768
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/base/cookie_store.h?r1=35769&r2=35768

Deleting cookies by setting the expires attribute on them with an empty value would not work in ChromeFrame
with the host network stack enabled. When we receive a response in the host browser (IE) we send over the
response headers which include the Set-Cookie header and a list of cookies retreived via the InternetGetCookie
API. We call this API to retrieve the persistent cookies and send them over to Chrome.

However this API returns session cookies as well as persistent cookies. There is no documented way to return
only persistent cookies from IE. As a result we would end up setting duplicate cookies in Chrome, which caused
this issu.e. To workaround this issue when we receive the response in the url request automation job which
handles ChromeFrame network requests, we strip out duplicate cookies sent via InternetGetCookie.

When a script deletes a cookie we now handle it correctly in IE and set the data to an empty string. However
this does not delete the cookie. When such cookies show up in Chrome, we strip them out as well.

Fixes bug http://code.google.com/p/chromium/issues/detail?id=30786

The changes to chrome_frame_npapi.cc/.h are to move the NPAPI functions to the chrome_frame namespace as they
conflict with similar functions in NACL.

Added the DeleteCookie function to the CookieStore interface, which I think missed out by oversight.

Bug= 30786 
Test=Covered by ChromeFrame unit tests. I also added a unit test to test the newly added
     URLRequestAutomationJob::IsCookiePresentInCookieHeader function

Review URL: http://codereview.chromium.org/518054
------------------------------------------------------------------------

Comment 6 by bugdro...@gmail.com, Jan 11 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=35771 

------------------------------------------------------------------------
r35771 | tyoshino@chromium.org | 2010-01-07 19:38:29 -0800 (Thu, 07 Jan 2010) | 38 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/automation_profile_impl.cc?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.cc?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.h?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/resource_message_filter.cc?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame.gyp?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_activex_base.h?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi.cc?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi_entrypoints.cc?r1=35771&r2=35770
   D /trunk/src/chrome_frame/chrome_frame_npapi_entrypoints.h
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/chrome_frame_unittests.cc?r1=35771&r2=35770
   D /trunk/src/chrome_frame/test/data/fulltab_delete_cookie_test.html
   D /trunk/src/chrome_frame/test/data/fulltab_delete_cookie_test.html.mock-http-headers
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/html_util_unittests.cc?r1=35771&r2=35770
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/base/cookie_store.h?r1=35771&r2=35770

Reason:
Linux Builder (ChromiumOS) failed.

http://chrome-buildbot.corp.google.com:8010/builders/Linux%20Builder%20(ChromiumOS)/builds/2050/steps/compile/logs/stdio

Please add changes to external_cookie_handler_unittest.cc no to break compilation
and reland?

----

Revert 35769 - Deleting cookies by setting the expires attribute on them with an empty value would not work in ChromeFrame
with the host network stack enabled. When we receive a response in the host browser (IE) we send over the
response headers which include the SetCookie header and a list of cookies retreived via the InternetGetCookie
API. We call this API to retrieve the persistent cookies and send them over to Chrome.

However this API returns session cookies as well as persistent cookies. There is no documented way to return
only persistent cookies from IE. As a result we would end up setting duplicate cookies in Chrome, which caused
this issu.e. To workaround this issue when we receive the response in the url request automation job which
handles ChromeFrame network requests, we strip out duplicate cookies sent via InternetGetCookie.

When a script deletes a cookie we now handle it correctly in IE and set the data to an empty string. However
this does not delete the cookie. When such cookies show up in Chrome, we strip them out as well.

Fixes bug http://code.google.com/p/chromium/issues/detail?id=30786

The changes to chrome_frame_npapi.cc/.h are to move the NPAPI functions to the chrome_frame namespace as they
conflict with similar functions in NACL.

Added the DeleteCookie function to the CookieStore interface, which I think missed out by oversight.

Bug= 30786 
Test=Covered by ChromeFrame unit tests. I also added a unit test to test the newly added
     URLRequestAutomationJob::IsCookiePresentInCookieHeader function

Review URL: http://codereview.chromium.org/518054

TBR=ananta@chromium.org
Review URL: http://codereview.chromium.org/517070
------------------------------------------------------------------------

Comment 7 by bugdro...@gmail.com, Jan 11 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=35778 

------------------------------------------------------------------------
r35778 | ananta@chromium.org | 2010-01-07 21:55:50 -0800 (Thu, 07 Jan 2010) | 29 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/automation_profile_impl.cc?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.cc?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.h?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/chromeos/external_cookie_handler_unittest.cc?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/resource_message_filter.cc?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame.gyp?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_activex_base.h?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi.cc?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi_entrypoints.cc?r1=35778&r2=35777
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/chrome_frame_npapi_entrypoints.h
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/chrome_frame_unittests.cc?r1=35778&r2=35777
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/data/fulltab_delete_cookie_test.html
   A http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/data/fulltab_delete_cookie_test.html.mock-http-headers
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/html_util_unittests.cc?r1=35778&r2=35777
   M http://src.chromium.org/viewvc/chrome/trunk/src/net/base/cookie_store.h?r1=35778&r2=35777

Attempt 2 at landing this.

Deleting cookies by setting the expires attribute on them with an empty value would not work in ChromeFrame
with the host network stack enabled. When we receive a response in the host browser (IE) we send over the
response headers which include the Set-Cookie header and a list of cookies retreived via the InternetGetCookie
API. We call this API to retrieve the persistent cookies and send them over to Chrome.

However this API returns session cookies as well as persistent cookies. There is no documented way to return
only persistent cookies from IE. As a result we would end up setting duplicate cookies in Chrome, which caused
this issu.e. To workaround this issue when we receive the response in the url request automation job which
handles ChromeFrame network requests, we strip out duplicate cookies sent via InternetGetCookie.

When a script deletes a cookie we now handle it correctly in IE and set the data to an empty string. However
this does not delete the cookie. When such cookies show up in Chrome, we strip them out as well.

Fixes bug http://code.google.com/p/chromium/issues/detail?id=30786

The changes to chrome_frame_npapi.cc/.h are to move the NPAPI functions to the chrome_frame namespace as they
conflict with similar functions in NACL.

Added the DeleteCookie function to the CookieStore interface, which I think missed out by oversight.

Bug= 30786 
Test=Covered by ChromeFrame unit tests. I also added a unit test to test the newly added
    URLRequestAutomationJob::IsCookiePresentInCookieHeader function

TBR=amit

Review URL: http://codereview.chromium.org/521072
------------------------------------------------------------------------

Status: Verified
Verified in Chrome Frame 4.0.295.0 (Official Build 35884).

Comment 9 by tommi@chromium.org, Jan 21 2010

Status: Assigned
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=36749 

------------------------------------------------------------------------
r36749 | tommi@chromium.org | 2010-01-21 07:37:11 -0800 (Thu, 21 Jan 2010) | 9 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/automation_profile_impl.cc?r1=36749&r2=36748
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.cc?r1=36749&r2=36748
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/http_negotiate.cc?r1=36749&r2=36748
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/chrome_frame_unittests.cc?r1=36749&r2=36748
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/data/fulltab_delete_cookie_test.html?r1=36749&r2=36748
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/urlmon_url_request.cc?r1=36749&r2=36748

Fix FullTabModeIE_ChromeFrameDeleteCookieTest.  The problem was that a domain cookie was being set twice although only set once by the server.
The test itself needed fixing as well as an extra check for domain cookies set by a different url than the current url.

There's one other problem remaining however which was initially reported in  bug 30786  and I'll get on that next (bug reopened).

TEST=Run the FullTabModeIE_ChromeFrameDeleteCookieTest test.
BUG= 32546 ,  30786 

Review URL: http://codereview.chromium.org/546104
------------------------------------------------------------------------

Comment 11 by tommi@chromium.org, Jan 22 2010

Status: Fixed
fixed in revision 36831
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=36831 

------------------------------------------------------------------------
r36831 | tommi@chromium.org | 2010-01-21 18:01:50 -0800 (Thu, 21 Jan 2010) | 6 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.cc?r1=36831&r2=36830
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/automation/url_request_automation_job.h?r1=36831&r2=36830
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/chrome_frame_unittests.cc?r1=36831&r2=36830
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame/test/html_util_unittests.cc?r1=36831&r2=36830

Fix for FullTabModeIE_ChromeFrameDeleteCookieTest and issues with deleting persistent cookies as reported in  bug 30786 .

TEST=Run FullTabModeIE_ChromeFrameDeleteCookieTest.
BUG= 32546 , 30786 

Review URL: http://codereview.chromium.org/551101
------------------------------------------------------------------------

Labels: -Area-ChromeFrame bulkmove Feature-ChromeFrame
Project Member

Comment 14 by bugdroid1@chromium.org, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 15 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-5 -Feature-ChromeFrame M-5 Cr-ChromeFrame
Project Member

Comment 16 by bugdroid1@chromium.org, Mar 13 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue

Sign in to add a comment