Attempt 2 at landing this....

chrome/browser/automation/url_request_automation_job.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/automation/url_request_automation_job.h"
 
 #include "base/message_loop.h"
 #include "base/time.h"
 #include "chrome/browser/automation/automation_resource_message_filter.h"
 #include "chrome/browser/chrome_thread.h"
 #include "chrome/browser/renderer_host/render_view_host.h"
 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
 #include "chrome/browser/renderer_host/resource_dispatcher_host_request_info.h"
 #include "chrome/test/automation/automation_messages.h"
+#include "net/base/cookie_monster.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_util.h"
 #include "net/url_request/url_request_context.h"
 
 using base::Time;
 using base::TimeDelta;
 
 // The list of filtered headers that are removed from requests sent via
 // StartAsync(). These must be lower case.
@@ skipping 224 matching lines @@
   redirect_url_ = response.redirect_url;
   redirect_status_ = response.redirect_status;
   DCHECK(redirect_status_ == 0 || redirect_status_ == 200 ||
          (redirect_status_ >= 300 && redirect_status_ < 400));
 
   GURL url_for_cookies =
       GURL(redirect_url_.empty() ? request_->url().spec().c_str() :
            redirect_url_.c_str());
 
   URLRequestContext* ctx = request_->context();
+  std::vector<std::string> response_cookies;
 
   if (!response.headers.empty()) {
     headers_ = new net::HttpResponseHeaders(
         net::HttpUtil::AssembleRawHeaders(response.headers.data(),
                                           response.headers.size()));
     // Parse and set HTTP cookies.
     const std::string name = "Set-Cookie";
     std::string value;
-    std::vector<std::string> response_cookies;
 
     void* iter = NULL;
     while (headers_->EnumerateHeader(&iter, name, &value)) {
       if (request_->context()->InterceptCookie(request_, &value))
         response_cookies.push_back(value);
     }
 
     if (response_cookies.size()) {
       if (ctx && ctx->cookie_store() &&
           ctx->cookie_policy()->CanSetCookie(
               url_for_cookies, request_->first_party_for_cookies())) {
         net::CookieOptions options;
         options.set_include_httponly();
         ctx->cookie_store()->SetCookiesWithOptions(url_for_cookies,
                                                    response_cookies,
                                                    options);
       }
     }
   }
 
   if (ctx && ctx->cookie_store() && !response.persistent_cookies.empty() &&
       ctx->cookie_policy()->CanSetCookie(
           url_for_cookies, request_->first_party_for_cookies())) {
     StringTokenizer cookie_parser(response.persistent_cookies, ";");
 
     while (cookie_parser.GetNext()) {
-      net::CookieOptions options;
-      ctx->cookie_store()->SetCookieWithOptions(url_for_cookies,
-                                                cookie_parser.token(),
-                                                options);
+      std::string cookie_string = cookie_parser.token();
+      // Only allow cookies with valid name value pairs.
+      if (cookie_string.find('=') != std::string::npos) {
+        TrimWhitespace(cookie_string, TRIM_ALL, &cookie_string);
+        // Ignore duplicate cookies, i.e. cookies passed in from the host
+        // browser which also exist in the response header.
+        if (!IsCookiePresentInCookieHeader(cookie_string,
+                                           response_cookies)) {
+            net::CookieOptions options;
+            ctx->cookie_store()->SetCookieWithOptions(url_for_cookies,
+                                                      cookie_string,
+                                                      options);
+        }
+      }
     }
   }
 
   NotifyHeadersComplete();
 }
 
 void URLRequestAutomationJob::OnDataAvailable(
     int tab, int id, const std::string& bytes) {
   DLOG(INFO) << "URLRequestAutomationJob: " <<
       request_->url().spec() << " - data available, Size: " << bytes.size();
@@ skipping 121 matching lines @@
   message_filter_->Send(new AutomationMsg_RequestStart(0, tab_, id_,
       automation_request));
 }
 
 void URLRequestAutomationJob::DisconnectFromMessageFilter() {
   if (message_filter_) {
     message_filter_->UnRegisterRequest(this);
     message_filter_ = NULL;
   }
 }
+
+bool URLRequestAutomationJob::IsCookiePresentInCookieHeader(
+    const std::string& cookie_line,
+    const std::vector<std::string>& header_cookies) {
+  net::CookieMonster::ParsedCookie parsed_current_cookie(cookie_line);
+  for (size_t index = 0; index < header_cookies.size(); index++) {
+    net::CookieMonster::ParsedCookie parsed_header_cookie(
+        header_cookies[index]);
+
+    if (parsed_header_cookie.Name() == parsed_current_cookie.Name())
+      return true;
+  }
+
+  return false;
+}
+