Open Bug 1761314 Opened 2 years ago Updated 1 year ago

Cookies do not seem to be evicted when using document.cookie

Categories: Core :: Networking: Cookies, defect, P3
Firefox 99
Status: UNCONFIRMED
People: Reporter: bingler, Unassigned
References: Blocks 1 open bug
Whiteboard: [necko-triaged]

Steps to reproduce:

As far as I can tell from looking at the code [1], by default Firefox should allow a maximum of 180 cookies per domain. However, running the test on [2] and my own test seem to contradict that. Funny enough, the cookie log shows an eviction, but that isn't reflected on the page itself.

  1. Enable cookie logging: https://www-archive.mozilla.org/projects/netlib/cookies/cookie-log.html

  2. Navigate to https://example.com

  3. In the developer tools console execute:
    for (var i = 0; i < 200; i++) { document.cookie = 'a' + i + '=b; Secure; SameSite=Lax'; }

  4. Execute document.cookie and observe all 200 cookies.

  5. Go to the Storage Tab and (maybe) view all 200 cookies there as well.
    I'm not able to repro consistently, but this view occasionally shows all 200 and other times only cookies 30-199. Maybe a race condition?

  6. Close Firefox and examine the cookie log to find "===== COOKIE EVICTED =====" entries for multiple cookies.

Tested today on 98.0.2 (64-bit) Windows 10

[1] https://searchfox.org/mozilla-central/source/netwerk/cookie/CookieStorage.cpp#552
[2] http://www.ruslog.com/tools/cookies.html

Actual results:

All 200 cookies set are returned by document.cookie and are (sometimes) visible within the developer tools Storage tab.

Expected results:

<=180 cookies should be returned/visible.
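As an added example (not part of the bug report or of Firefox's code), the following script models the per-host cap the report quotes (180) and provides a checker that can be run over a real `document.cookie` string to verify the expected result in step 4. The eviction model is a deliberate simplification (assumed oldest-first, one at a time, down to the cap); the real purge policy in CookieStorage.cpp is not reproduced here.

```javascript
// Cap quoted in the bug report from CookieStorage.cpp; assumption: it applies per host.
const MAX_COOKIES_PER_HOST = 180;

// Parse a document.cookie string ("a0=b; a1=b; ...") into an array of cookie names.
function parseCookieNames(cookieString) {
  if (!cookieString) return [];
  return cookieString.split(";")
    .map(s => s.trim())
    .filter(s => s.length > 0)
    .map(s => s.split("=")[0]);
}

// Check an observed document.cookie value against the expected cap.
// Usable in the devtools console as checkCookieCount(document.cookie).
function checkCookieCount(cookieString, cap = MAX_COOKIES_PER_HOST) {
  const names = parseCookieNames(cookieString);
  return { count: names.length, overCap: names.length > cap, excess: Math.max(0, names.length - cap) };
}

// Simplified model of the expected behaviour (assumption, not Firefox's algorithm):
// a per-host jar that evicts the oldest cookie whenever the cap is exceeded.
class HostCookieJar {
  constructor(cap = MAX_COOKIES_PER_HOST) { this.cap = cap; this.cookies = new Map(); this.evicted = []; }
  set(name, value) {
    if (this.cookies.has(name)) this.cookies.delete(name); // re-insert so the entry counts as newest
    this.cookies.set(name, value);
    while (this.cookies.size > this.cap) {
      const oldest = this.cookies.keys().next().value; // Map preserves insertion order
      this.cookies.delete(oldest);
      this.evicted.push(oldest);
    }
  }
  toCookieString() { return [...this.cookies].map(([k, v]) => `${k}=${v}`).join("; "); }
}

// Replay the report's loop against the model and compare with a constructed stand-in
// for what the reporter observed (all 200 cookies still returned by document.cookie).
function simulateReport(n = 200) {
  const jar = new HostCookieJar();
  for (let i = 0; i < n; i++) jar.set("a" + i, "b");
  const expected = checkCookieCount(jar.toCookieString());
  const observedString = Array.from({ length: n }, (_, i) => `a${i}=b`).join("; "); // constructed
  const observed = checkCookieCount(observedString);
  return { expected, observed, evicted: jar.evicted };
}
```

`simulateReport()` returns an expected count of 180 with 20 evictions, while the constructed observed string reports 200 cookies and `overCap: true`, which is the discrepancy the report describes.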

The Bugbug bot thinks this bug should belong to the 'Core::Networking: Cookies' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking: Cookies
Product: Firefox → Core
Severity: -- → S3
Priority: -- → P3
Whiteboard: [necko-triaged]
See Also: → CVE-2023-4055
Blocks: cookie