Issue 863503002: Delete cookies for site when deleting locally stored data.

Issue 863503002: Delete cookies for site when deleting locally stored data. (Closed)

Created:
5 years, 11 months ago by Finnur

Modified:
5 years, 10 months ago

Reviewers:
markusheintz_, Mike West, newt (away)

CC:
chromium-reviews

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Delete cookies for site when deleting locally stored data. And, in the process, fix a bug in the CookieTreeModel, where it was prematurely sending BatchEnded events. BUG=445962, 447395 Committed: https://crrev.com/bf8a48a2dfb9c0d16103ae8228798f5cfdaf343f Cr-Commit-Position: refs/heads/master@{#313902}

Patch Set 1 #

Patch Set 2 : String change as requested in bug #

Total comments: 4

Patch Set 3 : Remove parentheses #

Total comments: 6

Patch Set 4 : Address Newton's comments #

Patch Set 5 : Augment string, as per discussion in bug #

Total comments: 3

Patch Set 6 : Sync'ed #

Created: 5 years, 10 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+196 lines, -10 lines)			Patch
M	chrome/android/java/src/org/chromium/chrome/browser/preferences/website/LocalStorageInfo.java	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	chrome/android/java/src/org/chromium/chrome/browser/preferences/website/WebsitePreferenceBridge.java	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	chrome/android/java/strings/android_chrome_strings.grd	View	1 2 3 4	1 chunk	+2 lines, -2 lines	0 comments	Download
M	chrome/browser/android/preferences/website_preference_bridge.cc	View	1 2 3	3 chunks	+104 lines, -0 lines	0 comments	Download
M	chrome/browser/browsing_data/cookies_tree_model.h	View		3 chunks	+34 lines, -4 lines	0 comments	Download
M	chrome/browser/browsing_data/cookies_tree_model.cc	View		5 chunks	+33 lines, -3 lines	0 comments	Download
M	chrome/browser/browsing_data/local_data_container.h	View		1 chunk	+3 lines, -0 lines	0 comments	Download
M	chrome/browser/browsing_data/local_data_container.cc	View		4 chunks	+18 lines, -1 line	0 comments	Download

Messages

Total messages: 20 (2 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Finnur

Newt, can you please review the first three files? Mike, can you please review the ...

5 years, 11 months ago (2015-01-19 14:51:48 UTC) #2

newt (away)

https://codereview.chromium.org/863503002/diff/20001/chrome/android/java/strings/android_chrome_strings.grd File chrome/android/java/strings/android_chrome_strings.grd (right): https://codereview.chromium.org/863503002/diff/20001/chrome/android/java/strings/android_chrome_strings.grd#newcode331 chrome/android/java/strings/android_chrome_strings.grd:331: Are you sure you want to clear all data ...

5 years, 11 months ago (2015-01-20 18:35:10 UTC) #4

Finnur

5 years, 11 months ago (2015-01-21 14:53:06 UTC) #5

https://codereview.chromium.org/863503002/diff/20001/chrome/android/java/stri...
File chrome/android/java/strings/android_chrome_strings.grd (right):

https://codereview.chromium.org/863503002/diff/20001/chrome/android/java/stri...
chrome/android/java/strings/android_chrome_strings.grd:331: Are you sure you
want to clear all data for this website (including cookies) and reset all its
permissions?
On 2015/01/20 18:35:10, newt wrote:
> I believe the bug called for commas instead of parentheses:
> 
>     ..., including cookies, ...

Done.

https://codereview.chromium.org/863503002/diff/20001/chrome/browser/android/p...
File chrome/browser/android/preferences/website_preference_bridge.cc (right):

https://codereview.chromium.org/863503002/diff/20001/chrome/browser/android/p...
chrome/browser/android/preferences/website_preference_bridge.cc:290: class
SiteDataDeleteHelper :
> How does desktop delete cookies and clear site data? Seems like we should be
> sharing that code, rather than reinventing this rather complicated machinery.

Yes, I had the same thought initially. "There's got to be a way to just say: Go
off (asynchronously) and delete all cookies for this one URL". Right?

There's a couple of things I found out, though.

1) Desktop is built around the idea of setting up a tree in-memory and keeping
it alive, while showing the user a list-representation of it and accept requests
to delete by node-id. In other words, Desktop has no need to look for data from
one site by url and delete it. What Desktop does is iterate multiple times over
the tree, once to send down the data and once each time the user deletes
(looking for the id of the node). We only need one pass (already know what we
want to delete).

2) The LocalDataContainer uses helper objects to gather the data and not all
helper objects are applicable across Android and Desktop. For example, Desktop
uses BrowsingDataFlashLSOHelper, which isn't needed on Android. My point is
this: Even the construction of the tree isn't going to apply cleanly across.

But, the machinery (as you call it) :) -- while being a little wordy, looks more
complex than it actually is. We're simply creating a LocalDataContainer object
along with some helper objects (that will do the actual fetch work) and simply
wait for them to come back with the dataset. Much of the complexity is just
boilerplate to keep the delete request alive while we wait for the workers to
finish and notify us. Which is code that we'd need anyway because we're
performing an async operation from a static function - right?

So... I'm not sure what makes sense to share/simplify here, but if you have
ideas I'm open to suggestions.

newt (away)

Could you get an OWNER of chrome/browser/browsing_data to look at website_preference_bridge.cc? The JNI bits look ...

5 years, 11 months ago (2015-01-23 02:23:15 UTC) #7

Finnur

Mike, can you look at website_preference_bridge.cc as well? Newton: Good points, I'll address your review ...

5 years, 11 months ago (2015-01-23 16:02:57 UTC) #8

Finnur

Ah... and now with comments... https://codereview.chromium.org/863503002/diff/40001/chrome/browser/android/preferences/website_preference_bridge.cc File chrome/browser/android/preferences/website_preference_bridge.cc (right): https://codereview.chromium.org/863503002/diff/40001/chrome/browser/android/preferences/website_preference_bridge.cc#newcode345 chrome/browser/android/preferences/website_preference_bridge.cc:345: void TreeModelEndBatch(CookiesTreeModel* model) override ...

5 years, 11 months ago (2015-01-26 10:47:22 UTC) #10

newt (away)

https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/preferences/website_preference_bridge.cc File chrome/browser/android/preferences/website_preference_bridge.cc (right): https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/preferences/website_preference_bridge.cc#newcode362 chrome/browser/android/preferences/website_preference_bridge.cc:362: domain_.DomainIs(info.cookie->Domain().c_str())) Is this the correct way to check for ...

5 years, 10 months ago (2015-01-26 19:24:22 UTC) #12

Mike West

On 2015/01/26 19:24:22, newt wrote: > https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/preferences/website_preference_bridge.cc > File chrome/browser/android/preferences/website_preference_bridge.cc (right): > > https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/preferences/website_preference_bridge.cc#newcode362 > ...

5 years, 10 months ago (2015-01-28 09:39:54 UTC) #13

Finnur

5 years, 10 months ago (2015-01-28 11:33:48 UTC) #14

https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/p...
File chrome/browser/android/preferences/website_preference_bridge.cc (right):

https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/p...
chrome/browser/android/preferences/website_preference_bridge.cc:362:
domain_.DomainIs(info.cookie->Domain().c_str()))
Thanks Mike.

I convinced myself that the review I sent out was correct, but started doubting
myself upon reading Newton's reply. But now I'm coming back to thinking it was
correct after all. I'm not 100% sure, though, so I'll explain my reasoning and
we can discuss.

As Mike points out, the cookie model and they way we present sites to the user
are not consistent. We might show two sites for www.google.is (one with https
and one with http) in the sites list, but under the hood the cookies that get
created when I access https://www.google.is (note the https) look something akin
to this:

A) HOST  Domain: www.google.is 
B) DOMAIN  Domain: .google.is 
C) DOMAIN  Domain: .google.is (Accessible to javascript only)

None of those cookies have the secure_ flag set to true (a flag that means
cookies are only sent over https). 
Side question: Mike, does secure_ == true mean that the cookie is not visible on
the site when accessed over http?

Anyway, regardless of that, two things are clear to me:
1) We have no good way of deleting only http or only https cookies (as the three
cookies above show). This is what Mike touched upon, they are purely domain
bound.
2) We'll have a variety of cookies that can affect a site, some specifying exact
hosts (cookie A above), some casting a wider net (the other two), with no good
way of knowing how they were created or how many sites within the domain use it.
So (in my mind) the only thing the implementation can do is ask the question:
Does this cookie affect the site being deleted? If so, delete it. And that where
the DomainIs call comes in.

That means we're likely to delete a cookie that is shared by other sites on the
domain, so we can satisfy the requirement to delete the cookies for the site
being deleted. To be specific -- and using Newtons example that if you ask to
delete all data related to maps.google.com, you have to delete the cookie that
applies to the .google.com domain.

Right?

newt (away)

lgtm. Thanks! https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/preferences/website_preference_bridge.cc File chrome/browser/android/preferences/website_preference_bridge.cc (right): https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/preferences/website_preference_bridge.cc#newcode362 chrome/browser/android/preferences/website_preference_bridge.cc:362: domain_.DomainIs(info.cookie->Domain().c_str())) On 2015/01/28 11:33:48, Finnur wrote: > ...

5 years, 10 months ago (2015-01-28 17:43:59 UTC) #15

lgtm. Thanks!

https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/p...
File chrome/browser/android/preferences/website_preference_bridge.cc (right):

https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/p...
chrome/browser/android/preferences/website_preference_bridge.cc:362:
domain_.DomainIs(info.cookie->Domain().c_str()))
On 2015/01/28 11:33:48, Finnur wrote:
> Thanks Mike.
> 
> I convinced myself that the review I sent out was correct, but started
doubting
> myself upon reading Newton's reply. But now I'm coming back to thinking it was
> correct after all. I'm not 100% sure, though, so I'll explain my reasoning and
> we can discuss.
> 
> As Mike points out, the cookie model and they way we present sites to the user
> are not consistent. We might show two sites for http://www.google.is (one with
https
> and one with http) in the sites list, but under the hood the cookies that get
> created when I access https://www.google.is (note the https) look something
akin
> to this:
> 
> A) HOST  Domain: http://www.google.is 
> B) DOMAIN  Domain: .google.is 
> C) DOMAIN  Domain: .google.is (Accessible to javascript only)
> 
> None of those cookies have the secure_ flag set to true (a flag that means
> cookies are only sent over https). 
> Side question: Mike, does secure_ == true mean that the cookie is not visible
on
> the site when accessed over http?
> 
> Anyway, regardless of that, two things are clear to me:
> 1) We have no good way of deleting only http or only https cookies (as the
three
> cookies above show). This is what Mike touched upon, they are purely domain
> bound.
> 2) We'll have a variety of cookies that can affect a site, some specifying
exact
> hosts (cookie A above), some casting a wider net (the other two), with no good
> way of knowing how they were created or how many sites within the domain use
it.
> So (in my mind) the only thing the implementation can do is ask the question:
> Does this cookie affect the site being deleted? If so, delete it. And that
where
> the DomainIs call comes in.
> 
> That means we're likely to delete a cookie that is shared by other sites on
the
> domain, so we can satisfy the requirement to delete the cookies for the site
> being deleted. To be specific -- and using Newtons example that if you ask to
> delete all data related to http://maps.google.com, you have to delete the
cookie that
> applies to the .google.com domain.
> 
> Right?

Ok, I'm convinced. Thanks for walking me through the reasoning :)

markusheintz_

On 2015/01/28 17:43:59, newt wrote: > lgtm. Thanks! > > https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/preferences/website_preference_bridge.cc > File chrome/browser/android/preferences/website_preference_bridge.cc (right): ...

5 years, 10 months ago (2015-01-29 10:14:58 UTC) #16

On 2015/01/28 17:43:59, newt wrote:
> lgtm. Thanks!
> 
>
https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/p...
> File chrome/browser/android/preferences/website_preference_bridge.cc (right):
> 
>
https://codereview.chromium.org/863503002/diff/80001/chrome/browser/android/p...
> chrome/browser/android/preferences/website_preference_bridge.cc:362:
> domain_.DomainIs(info.cookie->Domain().c_str()))
> On 2015/01/28 11:33:48, Finnur wrote:
> > Thanks Mike.
> > 
> > I convinced myself that the review I sent out was correct, but started
> doubting
> > myself upon reading Newton's reply. But now I'm coming back to thinking it
was
> > correct after all. I'm not 100% sure, though, so I'll explain my reasoning
and
> > we can discuss.
> > 
> > As Mike points out, the cookie model and they way we present sites to the
user
> > are not consistent. We might show two sites for http://www.google.is (one
with
> https
> > and one with http) in the sites list, but under the hood the cookies that
get
> > created when I access https://www.google.is (note the https) look something
> akin
> > to this:
> > 
> > A) HOST  Domain: http://www.google.is 
> > B) DOMAIN  Domain: .google.is 
> > C) DOMAIN  Domain: .google.is (Accessible to javascript only)
> > 
> > None of those cookies have the secure_ flag set to true (a flag that means
> > cookies are only sent over https). 
> > Side question: Mike, does secure_ == true mean that the cookie is not
visible
> on
> > the site when accessed over http?
> > 
> > Anyway, regardless of that, two things are clear to me:
> > 1) We have no good way of deleting only http or only https cookies (as the
> three
> > cookies above show). This is what Mike touched upon, they are purely domain
> > bound.
> > 2) We'll have a variety of cookies that can affect a site, some specifying
> exact
> > hosts (cookie A above), some casting a wider net (the other two), with no
good
> > way of knowing how they were created or how many sites within the domain use
> it.
> > So (in my mind) the only thing the implementation can do is ask the
question:
> > Does this cookie affect the site being deleted? If so, delete it. And that
> where
> > the DomainIs call comes in.
> > 
> > That means we're likely to delete a cookie that is shared by other sites on
> the
> > domain, so we can satisfy the requirement to delete the cookies for the site
> > being deleted. To be specific -- and using Newtons example that if you ask
to
> > delete all data related to http://maps.google.com, you have to delete the
> cookie that
> > applies to the .google.com domain.
> > 
> > Right?
> 
> Ok, I'm convinced. Thanks for walking me through the reasoning :)

LGTM

Following up on an off cl discussion.
I agree with the conclusion here.

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/863503002/100001

5 years, 10 months ago (2015-01-30 11:46:23 UTC) #18

commit-bot: I haz the power

5 years, 10 months ago (2015-01-30 12:29:43 UTC) #20

Message was sent while issue was closed.

Patchset 6 (id:??) landed as
https://crrev.com/bf8a48a2dfb9c0d16103ae8228798f5cfdaf343f
Cr-Commit-Position: refs/heads/master@{#313902}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages