SessionRestore: Store session cookies and restore them if chrome crashes or auto-restarts.

net/base/cookie_monster.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Portions of this code based on Mozilla:
 //   (netwerk/cookie/src/nsCookieService.cpp)
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
@@ skipping 302 matching lines @@
   // DELETE_COOKIE_EVICTED_DOMAIN
   { CookieMonster::Delegate::CHANGE_COOKIE_EVICTED, true },
   // DELETE_COOKIE_EVICTED_GLOBAL
   { CookieMonster::Delegate::CHANGE_COOKIE_EVICTED, true },
   // DELETE_COOKIE_EVICTED_DOMAIN_PRE_SAFE
   { CookieMonster::Delegate::CHANGE_COOKIE_EVICTED, true },
   // DELETE_COOKIE_EVICTED_DOMAIN_POST_SAFE
   { CookieMonster::Delegate::CHANGE_COOKIE_EVICTED, true },
   // DELETE_COOKIE_EXPIRED_OVERWRITE
   { CookieMonster::Delegate::CHANGE_COOKIE_EXPIRED_OVERWRITE, true },
+  // DELETE_COOKIE_OLD_SESSION_COOKIE
+  { CookieMonster::Delegate::CHANGE_COOKIE_EXPLICIT, false },
   // DELETE_COOKIE_LAST_ENTRY
   { CookieMonster::Delegate::CHANGE_COOKIE_EXPLICIT, false }
 };
 
 std::string BuildCookieLine(const CanonicalCookieVector& cookies) {
   std::string cookie_line;
   for (CanonicalCookieVector::const_iterator it = cookies.begin();
        it != cookies.end(); ++it) {
     if (it != cookies.begin())
       cookie_line += "; ";
@@ skipping 30 matching lines @@
 
 CookieMonster::CookieMonster(PersistentCookieStore* store, Delegate* delegate)
     : initialized_(false),
       loaded_(false),
       expiry_and_key_scheme_(expiry_and_key_default_),
       store_(store),
       last_access_threshold_(
           TimeDelta::FromSeconds(kDefaultAccessUpdateThresholdSeconds)),
       delegate_(delegate),
       last_statistic_record_time_(Time::Now()),
-      keep_expired_cookies_(false) {
+      keep_expired_cookies_(false),
+      persist_session_cookies_(false),
+      old_session_cookie_behavior_(SESSION_COOKIES_UNDECIDED) {
   InitializeHistograms();
   SetDefaultCookieableSchemes();
 }
 
 CookieMonster::CookieMonster(PersistentCookieStore* store,
                              Delegate* delegate,
                              int last_access_threshold_milliseconds)
     : initialized_(false),
       loaded_(false),
       expiry_and_key_scheme_(expiry_and_key_default_),
       store_(store),
       last_access_threshold_(base::TimeDelta::FromMilliseconds(
           last_access_threshold_milliseconds)),
       delegate_(delegate),
       last_statistic_record_time_(base::Time::Now()),
-      keep_expired_cookies_(false) {
+      keep_expired_cookies_(false),
+      persist_session_cookies_(false),
+      old_session_cookie_behavior_(SESSION_COOKIES_UNDECIDED) {
   InitializeHistograms();
   SetDefaultCookieableSchemes();
 }
 
 // Parse a cookie expiration time.  We try to be lenient, but we need to
 // assume some order to distinguish the fields.  The basic rules:
 //  - The month name must be present and prefix the first 3 letters of the
 //    full month name (jan for January, jun for June).
 //  - If the year is <= 2 digits, it must occur after the day of month.
 //  - The time must be of the format hh:mm:ss.
@@ skipping 992 matching lines @@
     if (matching_cookies.find(curit->second) != matching_cookies.end()) {
       InternalDeleteCookie(curit, true, DELETE_COOKIE_EXPLICIT);
     }
   }
 }
 
 CookieMonster* CookieMonster::GetCookieMonster() {
   return this;
 }
 
+void CookieMonster::SetPersistSessionCookies(bool persist_session_cookies) {
+  persist_session_cookies_ = persist_session_cookies;
+}
+
+void CookieMonster::SaveSessionCookies() {
+  if (store_) {
+    store_->SetClearLocalStateOnExit(false);

[erikwright (departed), 2011/11/28 16:18:16]

...

[erikwright (departed), 2011/11/28 16:31:44]

Never mind, I've answered my own question.

+  }
+}
+
+void CookieMonster::RestoreOldSessionCookies() {
+  old_session_cookie_behavior_ = SESSION_COOKIES_MERGE;
+  for (CookieMap::iterator it = cookies_.begin(); it != cookies_.end(); ++it) {
+    it->second->SetIsOldSessionCookie(false);
+    if (delegate_) {
+      delegate_->OnCookieChanged(
+          *it->second, false, CookieMonster::Delegate::CHANGE_COOKIE_EXPLICIT);

[erikwright (departed), 2011/11/28 16:18:16]

...

[erikwright (departed), 2011/11/28 16:31:44]

I don't know what I was planning to comment on here.

+    }
+  }
+}
+
+void CookieMonster::DiscardOldSessionCookies() {
+  old_session_cookie_behavior_ = SESSION_COOKIES_DELETE;
+  // It is ok to call DeleteSessionCookies even if |store_| hasn't initialized
+  // yet.
+  if (store_)
+    store_->DeleteSessionCookies();

[erikwright (departed), 2011/11/28 16:18:16]

Won't this also delete any new session cookies set for domains visited while the
restore prompt was up?

[erikwright (departed), 2011/11/28 16:31:44]

I suppose one solution is to pass a timestamp (i.e., the time that loading
started) and only delete the ones not created/modified since then.

Another solution is to rely on deletion during InternalDeleteCookie (i.e., pass
true for sync_to_store).

[marja, 2011/11/29 12:56:01]

Yep, it was buggy. The change of approach (always restore after a crash, don't
wait for the infobar) removes this problem.

+  for (CookieMap::iterator it = cookies_.begin(); it != cookies_.end();) {
+    CookieMap::iterator curit = it;
+    ++it;
+    if (curit->second->IsOldSessionCookie()) {
+      // Don't sync this to store. Session cookies will be deleted from the
+      // store separately.
+      InternalDeleteCookie(curit, false, DELETE_COOKIE_OLD_SESSION_COOKIE);
+    }
+  }
+}
+
 CookieMonster::~CookieMonster() {
   DeleteAll(false);
 }
 
 bool CookieMonster::SetCookieWithCreationTime(const GURL& url,
                                               const std::string& cookie_line,
                                               const base::Time& creation_time) {
   DCHECK(!store_) << "This method is only to be used by unit-tests.";
   base::AutoLock autolock(lock_);
 
@@ skipping 49 matching lines @@
 
 void CookieMonster::StoreLoadedCookies(
     const std::vector<CanonicalCookie*>& cookies) {
   // Initialize the store and sync in any saved persistent cookies.  We don't
   // care if it's expired, insert it so it can be garbage collected, removed,
   // and sync'd.
   base::AutoLock autolock(lock_);
 
   for (std::vector<CanonicalCookie*>::const_iterator it = cookies.begin();
        it != cookies.end(); ++it) {
+    bool notify = true;
+    if (!(*it)->IsPersistent()) {
+      if (old_session_cookie_behavior_ == SESSION_COOKIES_DELETE) {
+        // Ignore this cookie; old session cookies are getting deleted from the
+        // database.
+        continue;
+      } else if (old_session_cookie_behavior_ == SESSION_COOKIES_UNDECIDED) {
+        // Mark restored session cookies as old session cookies, so they can be
+        // discarded if needed.
+        (*it)->SetIsOldSessionCookie(true);
+        notify = false;
+      }
+      // else, |old_session_cookie_behavior_| is |SESSION_COOKIES_MERGE|, and we
+      // treat the old session cookie as a normal cookie.
+    }
+
     int64 cookie_creation_time = (*it)->CreationDate().ToInternalValue();
 
     if (creation_times_.insert(cookie_creation_time).second) {
-      InternalInsertCookie(GetKey((*it)->Domain()), *it, false);
+      InternalInsertCookie(GetKey((*it)->Domain()), *it, false, notify);
       const Time cookie_access_time((*it)->LastAccessDate());
       if (earliest_access_time_.is_null() ||
           cookie_access_time < earliest_access_time_)
         earliest_access_time_ = cookie_access_time;
     } else {
       LOG(ERROR) << base::StringPrintf("Found cookies with duplicate creation "
                                        "times in backing store: "
                                        "{name='%s', domain='%s', path='%s'}",
                                        (*it)->Name().c_str(),
                                        (*it)->Domain().c_str(),
@@ skipping 221 matching lines @@
     CookieMap::iterator curit = its.first;
     CanonicalCookie* cc = curit->second;
     ++its.first;
 
     // If the cookie is expired, delete it.
     if (cc->IsExpired(current) && !keep_expired_cookies_) {
       InternalDeleteCookie(curit, true, DELETE_COOKIE_EXPIRED);
       continue;
     }
 
+    if (cc->IsOldSessionCookie()) {
+      // The cookie is an old session cookie, and we're supposed to ignore
+      // it. If |old_session_cookie_behavior_| is something else, |cookies_|
+      // contains no cookies marked as session cookies.

[erikwright (departed), 2011/11/28 16:18:16]

'as _old_ session cookies'

[marja, 2011/11/29 12:56:01]

(Obsolete)

+      DCHECK(old_session_cookie_behavior_ == SESSION_COOKIES_UNDECIDED);
+      continue;

[erikwright (departed), 2011/11/28 16:18:16]

I think we should also be deleting this cookie (from the Cookie Monster and the
SQLitePersistentCookieStore) here.

[marja, 2011/11/29 12:56:01]

(Obsolete)

+    }
+
     // Filter out HttpOnly cookies, per options.
     if (options.exclude_httponly() && cc->IsHttpOnly())
       continue;
 
     // Filter out secure cookies unless we're https.
     if (!secure && cc->IsSecure())
       continue;
 
     // Filter out cookies that don't apply to this domain.
     if (expiry_and_key_scheme_ == EKS_KEEP_RECENT_AND_PURGE_ETLDP1
@@ skipping 38 matching lines @@
             DELETE_COOKIE_EXPIRED_OVERWRITE : DELETE_COOKIE_OVERWRITE);
       }
       found_equivalent_cookie = true;
     }
   }
   return skipped_httponly;
 }
 
 void CookieMonster::InternalInsertCookie(const std::string& key,
                                          CanonicalCookie* cc,
-                                         bool sync_to_store) {
+                                         bool sync_to_store,
+                                         bool notify) {
   lock_.AssertAcquired();
 
-  if (cc->IsPersistent() && store_ && sync_to_store)
+  if ((cc->IsPersistent() || persist_session_cookies_) &&
+      store_ && sync_to_store)
     store_->AddCookie(*cc);
   cookies_.insert(CookieMap::value_type(key, cc));
-  if (delegate_.get()) {
+  if (notify && delegate_.get()) {
     delegate_->OnCookieChanged(
         *cc, false, CookieMonster::Delegate::CHANGE_COOKIE_EXPLICIT);
   }
 }
 
 bool CookieMonster::SetCookieWithCreationTimeAndOptions(
     const GURL& url,
     const std::string& cookie_line,
     const Time& creation_time_or_null,
     const CookieOptions& options) {
@@ skipping 55 matching lines @@
   bool already_expired = (*cc)->IsExpired(creation_time);
   if (DeleteAnyEquivalentCookie(key, **cc, options.exclude_httponly(),
                                 already_expired)) {
     VLOG(kVlogSetCookies) << "SetCookie() not clobbering httponly cookie";
     return false;
   }
 
   VLOG(kVlogSetCookies) << "SetCookie() key: " << key << " cc: "
                         << (*cc)->DebugString();
 
+  if (persist_session_cookies_ &&
+      old_session_cookie_behavior_ == SESSION_COOKIES_UNDECIDED) {
+    // We're setting a cookie, and there are session cookies for which we

[jochen (gone - plz use gerrit), 2011/11/28 15:47:19]

I think we should also delete all session cookies for a key when we read cookies
for that key, wdyt?

[erikwright (departed), 2011/11/28 16:18:16]

Also, this should occur before the DeleteAnyEquivalentCookie statement. A
pre-existing HTTPONLY session cookie would alter the behaviour there.

[marja, 2011/11/29 12:56:01]

(Obsolete.)

+    // haven't yet decided whether to merge them or not. Delete all old session
+    // cookies for the same key. If |old_session_cookie_behavior_| is something
+    // else than |SESSION_COOKIES_UNDECIDED|, |cookies_| contains no cookies
+    // marked as session cookies.

[erikwright (departed), 2011/11/28 16:18:16]

'as _old_ session cookies'

[marja, 2011/11/29 12:56:01]

(Obsolete.)

+    CookieMapItPair its = cookies_.equal_range(key);
+    while (its.first != its.second) {
+      CookieMap::iterator curit = its.first;
+      ++its.first;
+      if (curit->second->IsOldSessionCookie()) {
+        InternalDeleteCookie(curit, true, DELETE_COOKIE_EXPLICIT);
+      }
+    }
+  }
+
   // Realize that we might be setting an expired cookie, and the only point
   // was to delete the cookie which we've already done.
   if (!already_expired || keep_expired_cookies_) {
     // See InitializeHistograms() for details.
     if ((*cc)->DoesExpire()) {
       histogram_expiration_duration_minutes_->Add(
           ((*cc)->ExpiryDate() - creation_time).InMinutes());
     }
 
-    InternalInsertCookie(key, cc->release(), true);
+    InternalInsertCookie(key, cc->release(), true, true);
   }
 
   // We assume that hopefully setting a cookie will be less common than
   // querying a cookie.  Since setting a cookie can put us over our limits,
   // make sure that we garbage collect...  We can also make the assumption that
   // if a cookie was set, in the common case it will be used soon after,
   // and we will purge the expired cookies in GetCookies().
   GarbageCollect(creation_time, key);
 
   return true;
 }
 
 void CookieMonster::InternalUpdateCookieAccessTime(CanonicalCookie* cc,
                                                    const Time& current) {
   lock_.AssertAcquired();
 
   // Based off the Mozilla code.  When a cookie has been accessed recently,
   // don't bother updating its access time again.  This reduces the number of
   // updates we do during pageload, which in turn reduces the chance our storage
   // backend will hit its batch thresholds and be forced to update.
   if ((current - cc->LastAccessDate()) < last_access_threshold_)
     return;
 
   // See InitializeHistograms() for details.
   histogram_between_access_interval_minutes_->Add(
       (current - cc->LastAccessDate()).InMinutes());
 
   cc->SetLastAccessDate(current);
-  if (cc->IsPersistent() && store_)
+  if ((cc->IsPersistent() || persist_session_cookies_) && store_)
     store_->UpdateCookieAccessTime(*cc);
 }
 
 void CookieMonster::InternalDeleteCookie(CookieMap::iterator it,
                                          bool sync_to_store,
                                          DeletionCause deletion_cause) {
   lock_.AssertAcquired();
 
   // Ideally, this would be asserted up where we define ChangeCauseMapping,
   // but DeletionCause's visibility (or lack thereof) forces us to make
   // this check here.
   COMPILE_ASSERT(arraysize(ChangeCauseMapping) == DELETE_COOKIE_LAST_ENTRY + 1,
                  ChangeCauseMapping_size_not_eq_DeletionCause_enum_size);
 
   // See InitializeHistograms() for details.
   if (deletion_cause != DELETE_COOKIE_DONT_RECORD)
     histogram_cookie_deletion_cause_->Add(deletion_cause);
 
   CanonicalCookie* cc = it->second;
   VLOG(kVlogSetCookies) << "InternalDeleteCookie() cc: " << cc->DebugString();
 
-  if (cc->IsPersistent() && store_ && sync_to_store)
+  if ((cc->IsPersistent() || persist_session_cookies_)
+      && store_ && sync_to_store)
     store_->DeleteCookie(*cc);
   if (delegate_.get()) {
     ChangeCausePair mapping = ChangeCauseMapping[deletion_cause];
 
     if (mapping.notify)
       delegate_->OnCookieChanged(*cc, true, mapping.cause);
   }
   cookies_.erase(it);
   delete cc;
 }
@@ skipping 585 matching lines @@
     } else {
       /* some attribute we don't know or don't care about. */
     }
   }
 }
 
 CookieMonster::CanonicalCookie::CanonicalCookie()
     : secure_(false),
       httponly_(false),
       has_expires_(false),
-      is_persistent_(false) {
+      is_persistent_(false),
+      is_old_session_cookie_(false) {
   SetSessionCookieExpiryTime();
 }
 
 CookieMonster::CanonicalCookie::CanonicalCookie(
     const GURL& url, const std::string& name, const std::string& value,
     const std::string& domain, const std::string& path,
     const std::string& mac_key, const std::string& mac_algorithm,
     const base::Time& creation, const base::Time& expiration,
     const base::Time& last_access, bool secure, bool httponly, bool has_expires,
     bool is_persistent)
     : source_(GetCookieSourceFromURL(url)),
       name_(name),
       value_(value),
       domain_(domain),
       path_(path),
       mac_key_(mac_key),
       mac_algorithm_(mac_algorithm),
       creation_date_(creation),
       expiry_date_(expiration),
       last_access_date_(last_access),
       secure_(secure),
       httponly_(httponly),
       has_expires_(has_expires),
-      is_persistent_(is_persistent) {
+      is_persistent_(is_persistent),
+      is_old_session_cookie_(false) {
   if (!has_expires_) {
     DCHECK(!is_persistent_);
     SetSessionCookieExpiryTime();
   }
 }
 
 CookieMonster::CanonicalCookie::CanonicalCookie(const GURL& url,
                                                 const ParsedCookie& pc)
     : source_(GetCookieSourceFromURL(url)),
       name_(pc.Name()),
       value_(pc.Value()),
       path_(CanonPath(url, pc)),
       mac_key_(pc.MACKey()),
       mac_algorithm_(pc.MACAlgorithm()),
       creation_date_(Time::Now()),
       last_access_date_(Time()),
       secure_(pc.IsSecure()),
       httponly_(pc.IsHttpOnly()),
       has_expires_(pc.HasExpires()),
-      is_persistent_(pc.HasExpires()) {
+      is_persistent_(pc.HasExpires()),
+      is_old_session_cookie_(false) {
   if (has_expires_)
     expiry_date_ = CanonExpiration(pc, creation_date_);
   else
     SetSessionCookieExpiryTime();
 
   // Do the best we can with the domain.
   std::string cookie_domain;
   std::string domain_string;
   if (pc.HasDomain()) {
     domain_string = pc.Domain();
@@ skipping 185 matching lines @@
 std::string CookieMonster::CanonicalCookie::DebugString() const {
   return base::StringPrintf(
       "name: %s value: %s domain: %s path: %s creation: %"
       PRId64,
       name_.c_str(), value_.c_str(),
       domain_.c_str(), path_.c_str(),
       static_cast<int64>(creation_date_.ToTimeT()));
 }
 
 }  // namespace