Closed Bug 535336 Opened 15 years ago Closed 5 years ago

Enhance cookie back-end to allow extensions to control cookie setting and getting

Categories

(Core :: Networking: Cookies, enhancement, P3)

Product:
Core
Component:
Networking: Cookies
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1197417

People

(Reporter: gerv, Unassigned)

Details

(Whiteboard: [necko-backlog]) 

dwitte tells me that at the moment, extensions can hook into cookie setting, but not necessarily cookie getting. (I think he said it was that way round.)

If an extension could control those two points, then extensions could be made to do things like:

- Per-window or per-tab session cookies (bug 117222)
- Separate third-party cookies for each first-party context (bug 535335)

and various other posible modifications to cookie policy. Such extensions could then be used to try out proposed changes and see how much of the web breaks.

Gerv
For something like bug 535335, there are several parts we need:

1) The ability to modify cookie data when setting. Currently, expiry and isSession attributes can be modified by an nsICookiePermission hook:

http://mxr.mozilla.org/mozilla-central/source/netwerk/cookie/src/nsCookieService.cpp#1571

but we need more than that. We'd want to send out a notification saying "this is the cookie we're about to set", and allow people to modify it if they wanted.

2) Same, but for getting. There's no hook for this right now. Would need a similar notification system.

3) Tweaking cookie limits. The cookieservice has a built-in limit of 50 cookies per base domain; if you're going to start storing massive amounts of third-party cookies, you'll need to get the cookieservice out of the way. These numbers are tweakable by pref, so they can be adjusted to large numbers, and whoever's doing the processing in 1) and 2) can implement whatever limits it wants.

In terms of implementation, your extension could probably tack whatever information it wanted onto the cookie value, and strip it off again before sending. (For instance, appending ";third-party;google.com" to the cookie value to indicate it was set in a third-party context with a first party of google.com.)

1) and 2) were already stabbed at in bug 337335. That work could be revived and used as a starting point.
Whiteboard: [necko-backlog]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P1 → P3

This bug is already fixed by the implementation of WebExtension cookie API.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.