Adding session-only localStorage.

content/browser/in_process_webkit/dom_storage_namespace.cc

Index: content/browser/in_process_webkit/dom_storage_namespace.cc
diff --git a/content/browser/in_process_webkit/dom_storage_namespace.cc b/content/browser/in_process_webkit/dom_storage_namespace.cc
index 508786f1aaf58d7d8ba23b01793775028de8a052..a4b49a475b0a9ffe2cc69fd2f22d2d1a7d41d282 100644
--- a/content/browser/in_process_webkit/dom_storage_namespace.cc
+++ b/content/browser/in_process_webkit/dom_storage_namespace.cc
@@ -41,6 +41,15 @@ DOMStorageNamespace::DOMStorageNamespace(DOMStorageContext* dom_storage_context,
       id_(id),
       data_dir_path_(data_dir_path),
       dom_storage_type_(dom_storage_type) {
+  if (dom_storage_type == DOM_STORAGE_LOCAL && !data_dir_path.isEmpty()) {
+    // This DOMStorageNamespace represents a permanent localStorage; create a
+    // sibling namespace that represents the corresponding session-only storage.
+    session_only_local_storage_.reset(

[michaeln, 2011/08/02 19:47:41]

can this be more lazily created, i imagine most users won't have this related
setting turned on

[marja, 2011/08/03 09:14:15]

Done.

+        new DOMStorageNamespace(dom_storage_context,
+                                id,
+                                WebString(),
+                                dom_storage_type));
+  }
   DCHECK(dom_storage_context_);
 }
 
@@ -54,19 +63,28 @@ DOMStorageNamespace::~DOMStorageNamespace() {
   }
 }
 
-DOMStorageArea* DOMStorageNamespace::GetStorageArea(const string16& origin) {
+DOMStorageArea* DOMStorageNamespace::GetStorageArea(
+    const string16& origin,
+    bool allow_permanent_storage) {
   // We may have already created it for another dispatcher host.
-  OriginToStorageAreaMap::iterator iter = origin_to_storage_area_.find(origin);
-  if (iter != origin_to_storage_area_.end())
-    return iter->second;
+  DOMStorageArea* storage_area = GetExistingStorageArea(origin);
+  if (storage_area)
+    return storage_area;
 
-  // We need to create a new one.
-  int64 id = dom_storage_context_->AllocateStorageAreaId();
-  DCHECK(!dom_storage_context_->GetStorageArea(id));
-  DOMStorageArea* storage_area = new DOMStorageArea(origin, id, this);
-  origin_to_storage_area_[origin] = storage_area;
-  dom_storage_context_->RegisterStorageArea(storage_area);
-  return storage_area;
+  // Also, our session-only sibling might have it. (This is independent of what
+  // the content settings say; it might be that the settings were changed after
+  // the DOMStorageArea was created.)

[michaeln, 2011/08/02 19:47:41]

This blurs the lines between the sessionOnly and longerLived worlds quite a bit.
With the sessionOnly setting on, sometimes you get the longLived namespace, and
vice versa. Is that really needed? What would happen if this was more clear
cut...

if (enforce_session_only)
  return session_only_thingy;
else
  return long_lived_thingy;

[marja, 2011/08/03 09:14:15]

I guess that would confuse some web pages, if the user alters the setting when
the page is open. E.g., first the page puts something to the localStorage, and
it goes to the permanent storage. Then the user alters the setting so that only
session-only storage is allowed (for this origin). Then a different frame on the
page tries to read back from the localStorage, but it can no longer find the
data, since the data is in the permanent storage, but that piece of code would
direct it to the session-only storage. Is this too far-fetched? :) If the page
just reads data from the localStorage 2 times, GetStorageArea is called only
once. So everything would work unless the page has a construct which gets
GetStorageArea called multiple times (at least frames, not sure when else it
would be), or if 2 open pages use the same localStorage.

In the current version of the cl, real session-only-ness is only achieved if the
user clears the storage data after restricting some origins to session only
storage, and restarts the browser. The same after modifying the setting the
other way around (session only -> permanent). If a page has already put data
into the localStorage, and the user changes the content setting, the data can
still be retrieved by all users of the same localStorage. In your version it can
only be retrieved by those users of the that localStorage who have already got
the storage area id earlier. Not sure which is better.

+  if (session_only_local_storage_.get()) {
+    storage_area = session_only_local_storage_->GetExistingStorageArea(origin);
+    if (storage_area)
+      return storage_area;
+  }
+
+  // Else, we need to create a new DOMStorageArea.
+  if (!allow_permanent_storage && session_only_local_storage_.get()) {
+    return session_only_local_storage_->CreateStorageArea(origin);
+  }
+  return CreateStorageArea(origin);
 }
 
 DOMStorageNamespace* DOMStorageNamespace::Copy(int64 id) {
@@ -107,3 +125,20 @@ void DOMStorageNamespace::CreateWebStorageNamespaceIfNecessary() {
         WebStorageNamespace::m_sessionStorageQuota));
   }
 }
+
+DOMStorageArea* DOMStorageNamespace::GetExistingStorageArea(
+    const string16& origin) {
+  OriginToStorageAreaMap::iterator iter = origin_to_storage_area_.find(origin);
+  if (iter != origin_to_storage_area_.end())
+    return iter->second;
+  return NULL;
+}
+
+DOMStorageArea* DOMStorageNamespace::CreateStorageArea(const string16& origin) {
+  int64 id = dom_storage_context_->AllocateStorageAreaId();
+  DCHECK(!dom_storage_context_->GetStorageArea(id));
+  DOMStorageArea* storage_area = new DOMStorageArea(origin, id, this);
+  origin_to_storage_area_[origin] = storage_area;
+  dom_storage_context_->RegisterStorageArea(storage_area);
+  return storage_area;
+}