net: split the SSL session cache between incognito and normal.

chrome/browser/profiles/off_the_record_profile_io_data.cc

Index: chrome/browser/profiles/off_the_record_profile_io_data.cc
diff --git a/chrome/browser/profiles/off_the_record_profile_io_data.cc b/chrome/browser/profiles/off_the_record_profile_io_data.cc
index b7b022ac12bee85b84854e3ef88fd58ef6f6ee22..bdf0845a9dfbdd845a8baac6798b220b04a29b27 100644
--- a/chrome/browser/profiles/off_the_record_profile_io_data.cc
+++ b/chrome/browser/profiles/off_the_record_profile_io_data.cc
@@ -134,6 +134,11 @@ void OffTheRecordProfileIOData::Handle::LazyInitialize() const {
   }
 }
 
+// The SSL session cache is partitioned by setting a string. By choosing a
+// different string here, we ensure that incognito connections don't resume
+// sessions from non-incognito connections and vice-versa.
+static const char kIncognitoSSLCacheShard[] = "incognito";

[Ryan Sleevi, 2011/12/12 23:07:06]

agl: Once concern with using a fixed string like this is that entering, exiting,
and then re-entering incognito mode will allow previously cached sessions to be
returned - in essence, 'leaking' state between incognito sessions.

Is this a concern? Both for Desktop (which may run for weeks) and for CrOS?

+
 OffTheRecordProfileIOData::OffTheRecordProfileIOData()
     : ProfileIOData(true) {}
 OffTheRecordProfileIOData::~OffTheRecordProfileIOData() {}
@@ -201,6 +206,7 @@ void OffTheRecordProfileIOData::LazyInitializeInternal(
                          main_context->transport_security_state(),
                          main_context->dns_cert_checker(),
                          main_context->proxy_service(),
+                         kIncognitoSSLCacheShard,
                          main_context->ssl_config_service(),
                          main_context->http_auth_handler_factory(),
                          main_context->network_delegate(),