Note: The browser I'm using for these tests is the current HEAD from git, built as a headless executable. I don't know how to extract the proper chrome version from the headless executable (there seems to be no way to do so).

Whoops, in any event, it's a build of commit ab5d67b88547ab4b54c2d0fee2783191cb556c6d

As per comment #2 adding @yhirano for more update on this issue.

That is a revert for a test failure. I don't know anything about the original change.

I would at no way assume the issue was introduced at ab5d67b88547ab4b54c2d0fee2783191cb556c6d, I just wanted to canonically link to the point at which I built chromium.

From earlier testing, I think this issue has been present since I reported https://bugs.chromium.org/p/chromium/issues/detail?id=668932, and I'm not sure the api call ever worked. 

ab5d67b88547ab4b54c2d0fee2783191cb556c6d was the latest build when I compiled it, that's the only relevance.

Because I keep failing to be clear - There seems to be no way to get the version of an instance of chromium built as `headless shell`. It doesn't have a `-v`, `--version`, `--help` or any way at all to extract any information about the human readable version of chromium, so the only thing I could think of to link the built application to any actual version is by commit hash.

Another thing I keep meaning to open an issue for is the non-existent CLI documentation. I think at least supporting `--help` and `--version` should be a requirement.

allada, some questions on the contract of clearBrowserCookies protocol method. Can you help explain?

Any info here? This is kind of a stopper for my use of the remote debug interface.

I believe this is due to the fact that clearBrowserCookies is not synchronous (from the last time I looked [~last summer]).

There are a few thread and/or process jumps that happen to clearBrowserCookies and because it was not important to us to get a callback when the clear happened we simply "assumed" it was done successfully once it jumped threads.

This is not the right way to handle it and I have considered changing it to be synchronous and/or give a proper callback, but haven't had the time.

This is not the only area that does this, it also happens with clear cache.

Could you confirm my theory by putting a small sleep maybe 1 second between clearing cookies and retrieving them?

It appears the cookies never get cleared.

Order of operation here:

 1. Navigate to `http://www.whatarecookies.com/cookietest.asp`. This is a garbage site, but it sets *lots* of cookies.
 2. Take sample of browser Cookies via getAllCookies as sample #1
 3. Call Network.clearBrowserCookies
 4. Take sample of browser Cookies via getAllCookies as sample #2
 5. Navigate to goat.com (everyone needs more goats).
 6. Call Network.clearBrowserCookies
 7. Sleep 15 seconds
 8. Take sample of browser Cookies via getAllCookies as sample #3
 9. Sleep 15 seconds
10. Take sample of browser Cookies via getAllCookies as sample #4




durr@buildbox:~/ChromeController$ python3 test.py
Binary: /home/durr/Chromium/src/out/Headless/headless_shell ((), {})
Spawned process: <subprocess.Popen object at 0x7f02a69c0e48>
<ChromeController.transport.ChromeSocketManager object at 0x7f02a61d5470>
Navigating to whatarecookies.com
Sampling cookies #1
Doing cookie clear
Cookie clear result:  {'id': 7, 'result': {}}
Sampling cookies #2
Navigating to goat.com
Doing cookie clear
Cookie clear result:  {'id': 11, 'result': {}}
sleeping 15
Sampling cookies #3
Doing cookie clear
Cookie clear result:  {'id': 13, 'result': {}}
sleeping 15
Sampling cookies #4

Uncleared Cookies (#1):
         {'name': '_gat', 'domain': '.whatarecookies.com', 'secure': Fals <snip>
         {'name': '_ga', 'domain': '.whatarecookies.com', 'secure': False <snip>
         {'name': 'C5', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'D2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'ASPSESSIONIDQSQQCBDS', 'domain': 'www.whatarecookies.c <snip>
         {'name': 'TDCPM', 'domain': '.adsrvr.org', 'secure': False, 'pat <snip>
         {'name': 'TDID', 'domain': '.adsrvr.org', 'secure': False, 'path <snip>
         {'name': 'IDE', 'domain': '.doubleclick.net', 'secure': False, ' <snip>
         {'name': 'dta', 'domain': 'www.whatarecookies.com', 'secure': Fa <snip>
         {'name': 'u2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'A6', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'id', 'domain': '.doubleclick.net', 'secure': False, 'p <snip>

Cleared cookies (#2):
         {'name': '_gat', 'domain': '.whatarecookies.com', 'secure': Fals <snip>
         {'name': '_ga', 'domain': '.whatarecookies.com', 'secure': False <snip>
         {'name': 'C5', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'D2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'ASPSESSIONIDQSQQCBDS', 'domain': 'www.whatarecookies.c <snip>
         {'name': 'TDCPM', 'domain': '.adsrvr.org', 'secure': False, 'pat <snip>
         {'name': 'TDID', 'domain': '.adsrvr.org', 'secure': False, 'path <snip>
         {'name': 'IDE', 'domain': '.doubleclick.net', 'secure': False, ' <snip>
         {'name': 'dta', 'domain': 'www.whatarecookies.com', 'secure': Fa <snip>
         {'name': 'u2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'A6', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'id', 'domain': '.doubleclick.net', 'secure': False, 'p <snip>

Navigated and cleared cookies after delay (#3):
         {'name': '_gat', 'domain': '.whatarecookies.com', 'secure': Fals <snip>
         {'name': 'rCookie', 'domain': '.airgoat.com', 'secure': False, ' <snip>
         {'name': '_ga', 'domain': '.whatarecookies.com', 'secure': False <snip>
         {'name': 'C5', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'JSESSIONID', 'domain': '.nr-data.net', 'secure': True, <snip>
         {'name': '_gat', 'domain': '.airgoat.com', 'secure': False, 'pat <snip>
         {'name': 'D2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'ASPSESSIONIDQSQQCBDS', 'domain': 'www.whatarecookies.c <snip>
         {'name': '_s', 'domain': '.app.link', 'secure': False, 'path': ' <snip>
         {'name': 'TDCPM', 'domain': '.adsrvr.org', 'secure': False, 'pat <snip>
         {'name': '__cfduid', 'domain': '.airgoat.com', 'secure': False,  <snip>
         {'name': '__ssid', 'domain': '.airgoat.com', 'secure': False, 'p <snip>
         {'name': 'mp_87d63960c1907a6a1353562385b48ea1_mixpanel', 'domain <snip>
         {'name': 'TDID', 'domain': '.adsrvr.org', 'secure': False, 'path <snip>
         {'name': 'IDE', 'domain': '.doubleclick.net', 'secure': False, ' <snip>
         {'name': 'fr', 'domain': '.facebook.com', 'secure': False, 'path <snip>
         {'name': 'dta', 'domain': 'www.whatarecookies.com', 'secure': Fa <snip>
         {'name': '_sneakers_session', 'domain': 'www.airgoat.com', 'secu <snip>
         {'name': '__cfduid', 'domain': '.goat.com', 'secure': False, 'pa <snip>
         {'name': 'u2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'A6', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'id', 'domain': '.doubleclick.net', 'secure': False, 'p <snip>
         {'name': '_ga', 'domain': '.airgoat.com', 'secure': False, 'path <snip>

Navigated and cleared cookies after another delay (#4):
         {'name': '_gat', 'domain': '.whatarecookies.com', 'secure': Fals <snip>
         {'name': 'rCookie', 'domain': '.airgoat.com', 'secure': False, ' <snip>
         {'name': '_ga', 'domain': '.whatarecookies.com', 'secure': False <snip>
         {'name': 'C5', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'JSESSIONID', 'domain': '.nr-data.net', 'secure': True, <snip>
         {'name': '_gat', 'domain': '.airgoat.com', 'secure': False, 'pat <snip>
         {'name': 'D2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'ASPSESSIONIDQSQQCBDS', 'domain': 'www.whatarecookies.c <snip>
         {'name': '_s', 'domain': '.app.link', 'secure': False, 'path': ' <snip>
         {'name': 'TDCPM', 'domain': '.adsrvr.org', 'secure': False, 'pat <snip>
         {'name': '__cfduid', 'domain': '.airgoat.com', 'secure': False,  <snip>
         {'name': '__ssid', 'domain': '.airgoat.com', 'secure': False, 'p <snip>
         {'name': 'mp_87d63960c1907a6a1353562385b48ea1_mixpanel', 'domain <snip>
         {'name': 'TDID', 'domain': '.adsrvr.org', 'secure': False, 'path <snip>
         {'name': 'IDE', 'domain': '.doubleclick.net', 'secure': False, ' <snip>
         {'name': 'fr', 'domain': '.facebook.com', 'secure': False, 'path <snip>
         {'name': 'dta', 'domain': 'www.whatarecookies.com', 'secure': Fa <snip>
         {'name': '_sneakers_session', 'domain': 'www.airgoat.com', 'secu <snip>
         {'name': '__cfduid', 'domain': '.goat.com', 'secure': False, 'pa <snip>
         {'name': 'u2', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'A6', 'domain': '.serving-sys.com', 'secure': False, 'p <snip>
         {'name': 'id', 'domain': '.doubleclick.net', 'secure': False, 'p <snip>
         {'name': '_ga', 'domain': '.airgoat.com', 'secure': False, 'path <snip>
Sending sigint to chromium
durr@buildbox:~/ChromeController$

All the cookies seem to stick around forever.

Whoops, there's a third call to clearBrowserCookies in there between step 8 and 9.

After some headscratching and going over the docs:

Synchronous_command:
        command: 'Network.canClearBrowserCookies'
        params:  '{}'
                Sending: '{"id": 3, "method": "Network.canClearBrowserCookies"}'
                Received: '{"id":3,"result":{"result":true}}'
        Response: '{'result': {'result': True}, 'id': 3}'

Chromium is saying I can clear the cookies. I thought it could possibly be locked or something.

Is there anything I can do to help move this issue along?

I'm trying to migrate away from selenium/phantomjs, and this is a blocker for me at the moment.

This is blocking for everyone trying to interact with cookies via the DevTools API and seems like there's no workaround. Are there any new developments?

I'm starting to look into this. To be clear, my expectation here is that all cookies for all origins should be deleted, not just for the target. @ivalio, as an immediate workaround does `Network.deleteCookie` (https://chromedevtools.github.io/debugger-protocol-viewer/tot/Network/#method-deleteCookie, caution: marked as experimental) still work as expected for your situation?

I think you meant to be asking me?

Anyways, I'm currently waiting for chrome to build with any recent changes. I should be able to follow up tomorrow evening.

I can replicate the issue. `Network.clearBrowserCookies` is a noop in canary headless but functions as expected in non-headless canary. `Network.deleteCookie` functions as expected in both environments.

> As an immediate workaround does `Network.deleteCookie` (https://chromedevtools.github.io/debugger-protocol-viewer/tot/Network/#method-deleteCookie, caution: marked as experimental) still work as expected for your situation?

This doesn't quite work, because when you fetch the cookies from the browser via `getAllCookies()`, the returned cookies only contain the url netloc fragment to which they apply. However,  `Network.deleteCookie()` requires a full URL, presumably against which the cookies present are filtered.

Clearly, I could implement some logic that tries to generate a valid-looking domain given the netloc fragment in each cookie, but I've done enough internet scraping to know that that'll almost immediately run into horrible edge cases caused by weird domain names. Short of straight-out copying the url parsing logic in chromium, I think I'd inevitably have some divergence.

One thing that'd be nice would be a way to refer to cookies by a unique identifier, rather then the combination of the name their source specifies, and their netloc fragment. That'd remove the complexity of having to deal with full URL/netloc fragment round-tripping.

I'm working on a fix for this, but in the meantime, Network.deleteCookie seems to work in headless from my tests. For the logic to reconstruct a URL from a cookie, you can refer to the example extension code (https://cs.chromium.org/chromium/src/chrome/common/extensions/docs/examples/api/cookies/manager.js?type=cs&q=cookie.url+lang:javascript&l=132) and DevTools itself (https://cs.chromium.org/chromium/src/third_party/WebKit/Source/devtools/front_end/sdk/CookieParser.js?dr=C&l=308).

Agreed the ergonomics are a bit lacking for manually constructing the canonical cookie reference, but URL is baked into a couple of levels internally. Feel free to file a bug to track improvements there :)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3f058ec9983877b66fbd014a1253d509dc303172

commit 3f058ec9983877b66fbd014a1253d509dc303172
Author: phulce <phulce@chromium.org>
Date: Wed Apr 05 00:21:33 2017

DevTools: Fix Network.clearBrowserCookies

Removes ClearCookies method from chrome content browser client.
Changes network handler to directly delete cookies from cookie store.

BUG= 672744 
R=dgozman

Review-Url: https://codereview.chromium.org/2785943005
Cr-Commit-Position: refs/heads/master@{#461911}

[modify] https://crrev.com/3f058ec9983877b66fbd014a1253d509dc303172/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/3f058ec9983877b66fbd014a1253d509dc303172/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/3f058ec9983877b66fbd014a1253d509dc303172/content/browser/devtools/protocol/network_handler.cc
[modify] https://crrev.com/3f058ec9983877b66fbd014a1253d509dc303172/content/browser/devtools/protocol/network_handler.h
[modify] https://crrev.com/3f058ec9983877b66fbd014a1253d509dc303172/content/browser/devtools/protocol_config.json

@lemuix it should be in Canary tomorrow if you want to give it a spin and let me know if it didn't address your issue.

I can confirm this seems to fix the general issue.

One thing I noticed is that `Network.clearBrowserCookies` doesn't seem to delete the cookies for the currently open page (if any), but I'd assume that's intended behaviour, rather then a bug.

It does mean that `Network.clearBrowserCookies`, `Network.getAllCookies` doesn't always return an empty list, which is not quite what you'd expect though. It depends on the current browser state.

Hmm, that's not the intended behavior. In all of my tests, the cookies for the current page were cleared, but the page continued to set cookies after the initial load so subsequent getAllCookies calls on a delay returned the appropriate values. Do you have a reproducible script of the cookies not getting cleared for an open page?