New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 620770 link

Starred by 2 users
Status: Fixed
Owner:
mmenke@chromium.org
Closed: Jul 2016
Cc:
mkwst@chromium.org
jww@chromium.org
tfarina@chromium.org
mmenke@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 620852



Sign in to add a comment

Remove CanonicalCookie::Source

Project Member Reported by mmenke@chromium.org, Jun 16 2016 
I just noticed that CanonicalCookies loaded from disk (Or iOS's cookie store) do not have the Source() set.  I don't think cookies loaded from disk should be distinguishable from those that are not, so it seems like we should just make no cookies contain a GURL field.

The only potential problems I'm aware of with doing this is that it may some affect on the UI presented in through cookies_tree_model.cc.  I haven't dug into this in depth, so I could be missing other reasons it matters.

Comment 1 by mmenke@chromium.org, Jun 16 2016

Cc: tfarina@chromium.org

Comment 2 by mmenke@chromium.org, Jun 22 2016

Blocking: 620852
I don't expect this will have a huge memory impact, but still linking to the memory bug.  URLs can be quite long, though per description, this only affects the subset of cookies that have been set since the browser was started, not those loaded from disk.

Comment 3 by mmenke@chromium.org, Jun 30 2016

Owner: mmenke@chromium.org
Status: Started (was: Untriaged)
Project Member

Comment 4 by bugdroid1@chromium.org, Jul 13 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a1663cdfc27bb767da47200b6093fbccd57ce0b1

commit a1663cdfc27bb767da47200b6093fbccd57ce0b1
Author: mmenke <mmenke@chromium.org>
Date: Wed Jul 13 02:51:52 2016

Remove use of CanonicalCookie::Source() from browsing_data.

Source() is only non-NULL on cookies that have been set since the
browser started.  Given this weird behavior, we should remove the
field entirely, to avoid bugs (See, for instance,
 https://crbug.com/624004 ).

The main change is that CookieTreeHostNode will now group cookies
by the domain they're set on instead of the scheme+domain+port that
set them. This was already the behavior for cookies that were loaded
from the cookie store, rather than being set since the last browser
start, so should not make much difference (Also worth nothing scheme
was effectively always http before, since https was replaced with
http, setting cookies on file URLs is not allowed, and extension
cookies use a different cookie store that bypasses this code).

BUG= 620770 

Review-Url: https://codereview.chromium.org/2110483002
Cr-Commit-Position: refs/heads/master@{#404932}

[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/android/preferences/website_preference_bridge.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/browsing_data_cookie_helper_unittest.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/cookies_tree_model.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/cookies_tree_model.h
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/cookies_tree_model_unittest.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/content_settings/local_shared_objects_container.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/ui/webui/options/cookies_view_handler.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/ui/webui/settings/settings_cookies_view_handler.cc
Project Member

Comment 5 by bugdroid1@chromium.org, Jul 13 2016

Labels: merge-merged-2795
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a1663cdfc27bb767da47200b6093fbccd57ce0b1

commit a1663cdfc27bb767da47200b6093fbccd57ce0b1
Author: mmenke <mmenke@chromium.org>
Date: Wed Jul 13 02:51:52 2016

Remove use of CanonicalCookie::Source() from browsing_data.

Source() is only non-NULL on cookies that have been set since the
browser started.  Given this weird behavior, we should remove the
field entirely, to avoid bugs (See, for instance,
 https://crbug.com/624004 ).

The main change is that CookieTreeHostNode will now group cookies
by the domain they're set on instead of the scheme+domain+port that
set them. This was already the behavior for cookies that were loaded
from the cookie store, rather than being set since the last browser
start, so should not make much difference (Also worth nothing scheme
was effectively always http before, since https was replaced with
http, setting cookies on file URLs is not allowed, and extension
cookies use a different cookie store that bypasses this code).

BUG= 620770 

Review-Url: https://codereview.chromium.org/2110483002
Cr-Commit-Position: refs/heads/master@{#404932}

[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/android/preferences/website_preference_bridge.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/browsing_data_cookie_helper_unittest.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/cookies_tree_model.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/cookies_tree_model.h
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/browsing_data/cookies_tree_model_unittest.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/content_settings/local_shared_objects_container.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/ui/webui/options/cookies_view_handler.cc
[modify] https://crrev.com/a1663cdfc27bb767da47200b6093fbccd57ce0b1/chrome/browser/ui/webui/settings/settings_cookies_view_handler.cc

Comment 6 by mmenke@chromium.org, Jul 13 2016 

Erm...Huh?  This CL was not merged.

Comment 7 by mmenke@chromium.org, Jul 13 2016

Labels: -merge-merged-2795
Looks like bugdroid's gone insane - it's added the label to several other CLs, so assume it's the bot that's the problem, and not an incorrect merge.

Comment 8 by mmenke@chromium.org, Jul 18 2016

Status: Fixed (was: Started)
Project Member

Comment 9 by bugdroid1@chromium.org, Jul 20 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2830b0728b273d6fe15ecb28a1c27aa6cddd6c08

commit 2830b0728b273d6fe15ecb28a1c27aa6cddd6c08
Author: mmenke <mmenke@chromium.org>
Date: Wed Jul 20 16:02:50 2016

Fix CanonicalCookie::IsEquivalentForSecureCookieMatching

This method relies on the Source() of a cookie, which is not set
consistently. In particular, it's not set on cookies that have been
loaded from disk. This CL fixes the method, and removes storing the
source URL on cookies entirely to protect against future bugs.

Since the new implementation of IsEquivalentForSecureCookieMatching is
a little more expensive, also reorder code to call it a bit less often.

BUG= 620770 , 624004 

Review-Url: https://codereview.chromium.org/2158863003
Cr-Commit-Position: refs/heads/master@{#406567}

[modify] https://crrev.com/2830b0728b273d6fe15ecb28a1c27aa6cddd6c08/net/cookies/canonical_cookie.cc
[modify] https://crrev.com/2830b0728b273d6fe15ecb28a1c27aa6cddd6c08/net/cookies/canonical_cookie.h
[modify] https://crrev.com/2830b0728b273d6fe15ecb28a1c27aa6cddd6c08/net/cookies/cookie_monster.cc

Sign in to add a comment