author | darin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-05 04:27:47 +0000 |
---|---|---|
committer | darin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-05 04:27:47 +0000 |
commit | 4f79b3f0a594fab40f6afa6577503b7e33d866f2 (patch) | |
tree | d6ef4256e95e0d188880e65c49773a23b1990cb0 /net | |
parent | f79b6495a07ca8c54ef9ccc2113304bf754b5fe2 (diff) | |
Implement backend support for forcing cookies to be saved as
session cookies.
Introduces a new CookiePolicy result code OK_FOR_SESSION_ONLY.
R=eroman
BUG=34571
TEST=none
Review URL: http://codereview.chromium.org/577013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@38179 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/base/cookie_monster.cc | 8 | ||||
-rw-r--r-- | net/base/cookie_options.h | 12 | ||||
-rw-r--r-- | net/base/cookie_policy.h | 31 | ||||
-rw-r--r-- | net/url_request/url_request_http_job.cc | 8 | ||||
-rw-r--r-- | net/url_request/url_request_unittest.cc | 29 | ||||
-rw-r--r-- | net/url_request/url_request_unittest.h | 6 |
6 files changed, 84 insertions, 10 deletions
diff --git a/net/base/cookie_monster.cc b/net/base/cookie_monster.cc
index 6cda7e5..595bf06 100644
--- a/net/base/cookie_monster.cc
+++ b/net/base/cookie_monster.cc
@@ -361,7 +361,11 @@ static std::string CanonPath(const GURL& url,
 } static Time CanonExpiration(const CookieMonster::ParsedCookie& pc,
- const Time& current) {
+ const Time& current,
+ const CookieOptions& options) {
+ if (options.force_session())
+ return Time();
+
 // First, try the Max-Age attribute. uint64 max_age = 0; if (pc.HasMaxAge() &&
@@ -445,7 +449,7 @@ bool CookieMonster::SetCookieWithCreationTimeAndOptions(
 std::string cookie_path = CanonPath(url, pc); scoped_ptr<CanonicalCookie> cc;
- Time cookie_expires = CanonExpiration(pc, creation_time);
+ Time cookie_expires = CanonExpiration(pc, creation_time, options);
 cc.reset(new CanonicalCookie(pc.Name(), pc.Value(), cookie_path, pc.IsSecure(), pc.IsHttpOnly(),
diff --git a/net/base/cookie_options.h b/net/base/cookie_options.h
index e9301fe..9995a05 100644
--- a/net/base/cookie_options.h
+++ b/net/base/cookie_options.h
@@ -14,12 +14,22 @@ class CookieOptions {
 // Default is to exclude httponly, which means: // - reading operations will not return httponly cookies. // - writing operations will not write httponly cookies.
- CookieOptions() : exclude_httponly_(true) {}
+ CookieOptions()
+ : exclude_httponly_(true),
+ force_session_(false) {
+ }
+
 void set_exclude_httponly() { exclude_httponly_ = true; } void set_include_httponly() { exclude_httponly_ = false; } bool exclude_httponly() const { return exclude_httponly_; }
+
+ // Forces a cookie to be saved as a session cookie.
+ void set_force_session() { force_session_ = true; }
+ bool force_session() const { return force_session_; }
+
 private: bool exclude_httponly_;
+ bool force_session_;
 }; } // namespace net
diff --git a/net/base/cookie_policy.h b/net/base/cookie_policy.h
index d2df2f5..f502e64d 100644
--- a/net/base/cookie_policy.h
+++ b/net/base/cookie_policy.h
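Review bot: In the first hunk of net/base/cookie_monster.cc, the new early return in CanonExpiration() hands back Time() before Max-Age or Expires are examined, so under force_session a Set-Cookie whose expiry is already in the past is treated like any other session cookie. Servers commonly send such a cookie to delete an existing one (for example on sign-out); the rest of the function and the code that stores the cookie are outside the hunks, so this is inferred, but if storage relies on the computed expiry to recognise that case, the cookie would be kept instead of removed. One way to preserve it is to leave CanonExpiration() as it was and apply the override at the call site in the second hunk: `Time cookie_expires = CanonExpiration(pc, creation_time);` followed by `if (options.force_session() && cookie_expires > creation_time) cookie_expires = Time();`. A unit test that sends an already-expired cookie under FORCE_SESSION would pin the intended behaviour.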
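Review bot: The comment on set_force_session() in net/base/cookie_options.h does not say what the flag overrides or what its default is, and the constructor's "Default is ..." comment still describes only httponly. Going by the CanonExpiration() hunk, the flag makes Max-Age and Expires irrelevant, and the setter visible here is one-way. Suggested wording: `// Forces a cookie to be saved as a session cookie; any Max-Age or Expires` / `// attribute on the cookie is ignored. Off by default, and cannot be cleared once set.`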
@@ -11,12 +11,22 @@ class GURL;
 namespace net {
+// Alternative success codes for CookiePolicy::Can{Get,Set}Cookie(s).
+enum {
+ OK_FOR_SESSION_ONLY = 1, // The cookie may be set but not persisted.
+};
+
 class CookiePolicy { public:
- // Determines if the URL's cookies may be read. Returns OK if allowed to
- // read cookies for the given URL. Returns ERR_IO_PENDING to indicate that
- // the completion callback will be notified (asynchronously and on the
- // current thread) of the final result. Note: The completion callback must
+ // Determines if the URL's cookies may be read.
+ //
+ // Returns:
+ // OK - if allowed to read cookies
+ // ERR_ACCESS_DENIED - if not allowed to read cookies
+ // ERR_IO_PENDING - if the result will be determined asynchronously
+ //
+ // If the return value is ERR_IO_PENDING, then the given callback will be
+ // notified once the final result is determined. Note: The callback must
 // remain valid until notified. virtual int CanGetCookies(const GURL& url, const GURL& first_party_for_cookies,
@@ -27,6 +37,19 @@ class CookiePolicy {
 // the completion callback will be notified (asynchronously and on the // current thread) of the final result. Note: The completion callback must // remain valid until notified.
+
+ // Determines if the URL's cookies may be written.
+ //
+ // Returns:
+ // OK - if allowed to write cookies
+ // OK_FOR_SESSION_ONLY - if allowed to write cookies, but forces them to
+ // be stored as session cookies
+ // ERR_ACCESS_DENIED - if not allowed to write cookies
+ // ERR_IO_PENDING - if the result will be determined asynchronously
+ //
+ // If the return value is ERR_IO_PENDING, then the given callback will be
+ // notified once the final result is determined. Note: The callback must
+ // remain valid until notified.
 virtual int CanSetCookie(const GURL& url, const GURL& first_party_for_cookies, const std::string& cookie_line,
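Review bot: The comment on the new enum in the first hunk of cookie_policy.h calls OK_FOR_SESSION_ONLY a success code for Can{Get,Set}Cookie(s), but the rewritten CanGetCookies() comment lists only OK, ERR_ACCESS_DENIED and ERR_IO_PENDING, and OnCanGetCookiesCompleted() in url_request_http_job.cc accepts only net::OK. A policy that returned it for a read would therefore have the cookies withheld; narrowing the comment to `// Alternative success code for CookiePolicy::CanSetCookie().` removes the ambiguity. The value is also a positive int in an unnamed enum, so a consumer that treats any non-error result as permission would store the cookie persistently and drop the restriction. It is worth saying so beside the enumerator, e.g. `// Callers must test for this value explicitly; treating every non-error result as OK loses the session-only restriction.`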
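Review bot: The second hunk of cookie_policy.h adds the new CanSetCookie() comment without removing the old one. Its three leading context lines ("the completion callback will be notified ... remain valid until notified.") are kept and the hunk deletes nothing, so the declaration ends up with two comment blocks separated by a blank line. The start of the old block lies outside the hunk, but it appears to be the previous description, which mentions neither OK_FOR_SESSION_ONLY nor ERR_ACCESS_DENIED. Delete the old block so the Returns list is the only description, as the first hunk does for CanGetCookies().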
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 25b0f33..05fd0f2 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -432,7 +432,7 @@ bool URLRequestHttpJob::ReadRawData(net::IOBuffer* buf, int buf_size,
 void URLRequestHttpJob::OnCanGetCookiesCompleted(int policy) { // If the request was destroyed, then there is no more work to do. if (request_ && request_->delegate()) {
- if (policy == net::OK && request_->context()->cookie_store()) {
+ if (request_->context()->cookie_store() && policy == net::OK) {
 net::CookieOptions options; options.set_include_httponly(); std::string cookies =
@@ -450,10 +450,14 @@ void URLRequestHttpJob::OnCanGetCookiesCompleted(int policy) {
 void URLRequestHttpJob::OnCanSetCookieCompleted(int policy) { // If the request was destroyed, then there is no more work to do. if (request_ && request_->delegate()) {
- if (policy == net::OK && request_->context()->cookie_store()) {
+ if (request_->context()->cookie_store() &&
+ (policy == net::OK ||
+ policy == net::OK_FOR_SESSION_ONLY)) {
 // OK to save the current response cookie now. net::CookieOptions options; options.set_include_httponly();
+ if (policy == net::OK_FOR_SESSION_ONLY)
+ options.set_force_session();
 request_->context()->cookie_store()->SetCookieWithOptions( request_->url(), response_cookies_[response_cookies_save_index_], options);
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index a94158a..d25ab08 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -1522,6 +1522,35 @@ TEST_F(URLRequestTest, CancelTest_DuringCookiePolicy) {
 context->set_cookie_policy(NULL); }
+TEST_F(URLRequestTest, CookiePolicy_ForceSession) {
+ scoped_refptr<HTTPTestServer> server =
+ HTTPTestServer::CreateServer(L"", NULL);
+ ASSERT_TRUE(NULL != server.get());
+ scoped_refptr<URLRequestTestContext> context = new URLRequestTestContext();
+
+ TestCookiePolicy cookie_policy(TestCookiePolicy::FORCE_SESSION);
+ context->set_cookie_policy(&cookie_policy);
+
+ // Set up a cookie.
+ {
+ TestDelegate d;
+ URLRequest req(server->TestServerPage(
+ "set-cookie?A=1;expires=\"Fri, 05 Feb 2010 23:42:01 GMT\""), &d);
+ req.set_context(context);
+ req.Start(); // Triggers an asynchronous cookie policy check.
+
+ MessageLoop::current()->Run();
+ }
+
+ // Now, check the cookie store.
+ net::CookieMonster::CookieList cookies =
+ context->cookie_store()->GetCookieMonster()->GetAllCookies();
+ EXPECT_EQ(1U, cookies.size());
+ EXPECT_FALSE(cookies[0].second.IsPersistent());
+
+ context->set_cookie_policy(NULL);
+}
+
 // In this test, we do a POST which the server will 302 redirect. // The subsequent transaction should use GET, and should not send the // Content-Type header.
diff --git a/net/url_request/url_request_unittest.h b/net/url_request/url_request_unittest.h
index 6c1be78..3f50335 100644
--- a/net/url_request/url_request_unittest.h
+++ b/net/url_request/url_request_unittest.h
@@ -53,7 +53,8 @@ class TestCookiePolicy : public net::CookiePolicy {
 enum Options { NO_GET_COOKIES = 1 << 0, NO_SET_COOKIE = 1 << 1,
- ASYNC = 1 << 2
+ ASYNC = 1 << 2,
+ FORCE_SESSION = 1 << 3,
 }; explicit TestCookiePolicy(int options_bit_mask)
@@ -93,6 +94,9 @@ class TestCookiePolicy : public net::CookiePolicy {
 if (options_ & NO_SET_COOKIE) return net::ERR_ACCESS_DENIED;
+ if (options_ & FORCE_SESSION)
+ return net::OK_FOR_SESSION_ONLY;
+
 return net::OK; } |
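Review bot: In CookiePolicy_ForceSession (url_request_unittest.cc), `EXPECT_EQ(1U, cookies.size());` does not stop the test on failure, so if no cookie was stored the next line indexes `cookies[0]` on an empty list; make it `ASSERT_EQ(1U, cookies.size());`. The Expires value is a fixed date, 5 Feb 2010 23:42:01 GMT, only hours after the commit timestamp. Once that moment has passed, the test sends a cookie whose expiry is already in the past, which is a different case from the one the test name describes. Use a date far in the future here, and cover the already-expired cookie in a separate test so the expected result under FORCE_SESSION is stated explicitly.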