Cookie per host quota enforcement is off by one
Categories
(Core :: Networking: Cookies, defect, P3)
Tracking
()
People
(Reporter: dveditz, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [good-first-bug][necko-triaged])
In CookieCommons.h we define kCookieQuotaPerHost = 150;, but after a purge we have 151 cookies left. To trigger a purge we have to have 181 cookies, but that appears intended because we define kMaxCookiesPerHost = 180;
STR:
- pick a domain you don't care about, like https://example.org, and clear all it's cookies
- in the DevTools console on that site run
for (i = 1; i <= 181; i++) document.cookie = `c${String(i).padStart(3,0)}=0`;
document.cookie.split(';').length
Expected result: 150
Actual result: 151
Being off by one isn't that big a deal because the quota is more of a suggestion in the spec. But we differ from Chrome and that might have unwanted effects on some site someday.
|
Reporter | |
Updated•9 months ago
|
|
|
Reporter | |
Comment 1•9 months ago
|
||
In CookieStorage.cpp when we go to add our 181st cookie we find that we already have kMaxCookiesPerHost (180) stored
https://searchfox.org/mozilla-central/rev/50588a0b728b365afdd298debd35e8302efe7850/netwerk/cookie/CookieStorage.cpp#535
So we calculate how many cookies we ought to delete and get 180-150 = 30:
uint32_t limit = mMaxCookiesPerHost - mCookieQuotaPerHost;
So we delete that many and are left with the expected 150 cookies for that host. But remember we were in the middle of adding a cookie when we checked the quotas. So now we add that new cookie and end up with 151.
|
||
Comment 2•9 months ago
|
||
Should be trivial to fix. @Dylan?
Description
•