| blob | 5a0692239162c30bedd88fd496a7c0df975f6f13 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Brought to you by the letter D and the number 2.
7 #ifndef NET_COOKIES_COOKIE_MONSTER_H_
8 #define NET_COOKIES_COOKIE_MONSTER_H_
10 #include <deque>
11 #include <map>
12 #include <queue>
13 #include <set>
14 #include <string>
15 #include <utility>
16 #include <vector>
43 // The cookie monster is the system for storing and retrieving cookies. It has
44 // an in-memory list of all cookies, and synchronizes non-session cookies to an
45 // optional permanent storage that implements the PersistentCookieStore
46 // interface.
47 //
48 // This class IS thread-safe. Normally, it is only used on the I/O thread, but
49 // is also accessed directly through Automation for UI testing.
50 //
51 // All cookie tasks are handled asynchronously. Tasks may be deferred if
52 // all affected cookies are not yet loaded from the backing store. Otherwise,
53 // the callback may be invoked immediately (prior to return of the asynchronous
54 // function).
55 //
56 // A cookie task is either pending loading of the entire cookie store, or
57 // loading of cookies for a specfic domain key(eTLD+1). In the former case, the
58 // cookie task will be queued in tasks_pending_ while PersistentCookieStore
59 // chain loads the cookie store on DB thread. In the latter case, the cookie
60 // task will be queued in tasks_pending_for_key_ while PermanentCookieStore
61 // loads cookies for the specified domain key(eTLD+1) on DB thread.
62 //
63 // Callbacks are guaranteed to be invoked on the calling thread.
64 //
65 // TODO(deanm) Implement CookieMonster, the cookie database.
66 // - Verify that our domain enforcement and non-dotted handling is correct
72 // Terminology:
73 // * The 'top level domain' (TLD) of an internet domain name is
74 // the terminal "." free substring (e.g. "com" for google.com
75 // or world.std.com).
76 // * The 'effective top level domain' (eTLD) is the longest
77 // "." initiated terminal substring of an internet domain name
78 // that is controlled by a general domain registrar.
79 // (e.g. "co.uk" for news.bbc.co.uk).
80 // * The 'effective top level domain plus one' (eTLD+1) is the
81 // shortest "." delimited terminal substring of an internet
82 // domain name that is not controlled by a general domain
83 // registrar (e.g. "bbc.co.uk" for news.bbc.co.uk, or
84 // "google.com" for news.google.com). The general assumption
85 // is that all hosts and domains under an eTLD+1 share some
86 // administrative control.
88 // CookieMap is the central data structure of the CookieMonster. It
89 // is a map whose values are pointers to CanonicalCookie data
90 // structures (the data structures are owned by the CookieMonster
91 // and must be destroyed when removed from the map). The key is based on the
92 // effective domain of the cookies. If the domain of the cookie has an
93 // eTLD+1, that is the key for the map. If the domain of the cookie does not
94 // have an eTLD+1, the key of the map is the host the cookie applies to (it is
95 // not legal to have domain cookies without an eTLD+1). This rule
96 // excludes cookies for, e.g, ".com", ".co.uk", or ".internalnetwork".
97 // This behavior is the same as the behavior in Firefox v 3.6.10.
99 // NOTE(deanm):
100 // I benchmarked hash_multimap vs multimap. We're going to be query-heavy
101 // so it would seem like hashing would help. However they were very
102 // close, with multimap being a tiny bit faster. I think this is because
103 // our map is at max around 1000 entries, and the additional complexity
104 // for the hashing might not overcome the O(log(1000)) for querying
105 // a multimap. Also, multimap is standard, another reason to use it.
106 // TODO(rdsmith): This benchmark should be re-done now that we're allowing
107 // subtantially more entries in the map.
112 // Cookie garbage collection thresholds. Based off of the Mozilla defaults.
113 // When the number of cookies gets to k{Domain,}MaxCookies
114 // purge down to k{Domain,}MaxCookies - k{Domain,}PurgeCookies.
115 // It might seem scary to have a high purge value, but really it's not.
116 // You just make sure that you increase the max to cover the increase
117 // in purge, and we would have been purging the same number of cookies.
118 // We're just going through the garbage collection process less often.
119 // Note that the DOMAIN values are per eTLD+1; see comment for the
120 // CookieMap typedef. So, e.g., the maximum number of cookies allowed for
121 // google.com and all of its subdomains will be 150-180.
122 //
123 // Any cookies accessed more recently than kSafeFromGlobalPurgeDays will not
124 // be evicted by global garbage collection, even if we have more than
125 // kMaxCookies. This does not affect domain garbage collection.
131 // Quota for cookies with {low, medium, high} priorities within a domain.
136 // The store passed in should not have had Init() called on it yet. This
137 // class will take care of initializing it. The backing store is NOT owned by
138 // this class, but it must remain valid for the duration of the cookie
139 // monster's existence. If |store| is NULL, then no backing store will be
140 // updated. If |delegate| is non-NULL, it will be notified on
141 // creation/deletion of cookies.
144 // Only used during unit testing.
149 // Helper function that adds all cookies from |list| into this instance.
156 // Sets a cookie given explicit user-provided cookie attributes. The cookie
157 // name, value, domain, etc. are each provided as separate strings. This
158 // function expects each attribute to be well-formed. It will check for
159 // disallowed characters (e.g. the ';' character is disallowed within the
160 // cookie value attribute) and will return false without setting the cookie
161 // if such characters are found.
170 CookiePriority priority,
174 // Returns all the cookies, for use in management UI, etc. This does not mark
175 // the cookies as having been accessed.
176 // The returned cookies are ordered by longest path, then by earliest
177 // creation date.
180 // Returns all the cookies, for use in management UI, etc. Filters results
181 // using given url scheme, host / domain and path and options. This does not
182 // mark the cookies as having been accessed.
183 // The returned cookies are ordered by longest path, then earliest
184 // creation date.
190 // Deletes all of the cookies.
193 // Deletes all cookies that match the host of the given URL
194 // regardless of path. This includes all http_only and secure cookies,
195 // but does not include any domain cookies that may apply to this host.
196 // Returns the number of cookies deleted.
200 // Deletes one specific cookie.
204 // Checks whether for a given ETLD+1, there currently exist any cookies.
208 // Resets the list of cookieable schemes to the supplied schemes.
209 // If this this method is called, it must be called before first use of
210 // the instance (i.e. as part of the instance initialization process).
213 // Resets the list of cookieable schemes to kDefaultCookieableSchemes with or
214 // without 'file' being included.
215 //
216 // There are some unknowns about how to correctly handle file:// cookies,
217 // and our implementation for this is not robust enough. This allows you
218 // to enable support, but it should only be used for testing. Bug 1157243.
221 // Instructs the cookie monster to not delete expired cookies. This is used
222 // in cases where the cookie monster is used as a data structure to keep
223 // arbitrary cookies.
226 // Protects session cookies from deletion on shutdown.
229 // Flush the backing store (if any) to disk and post the given callback when
230 // done.
231 // WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE.
232 // It may be posted to the current thread, or it may run on the thread that
233 // actually does the flushing. Your Task should generally post a notification
234 // to the thread you actually want to be notified on.
237 // CookieStore implementation.
239 // Sets the cookies specified by |cookie_list| returned from |url|
240 // with options |options| in effect.
247 // Gets all cookies that apply to |url| given |options|.
248 // The returned cookies are ordered by longest path, then earliest
249 // creation date.
255 // Invokes GetAllCookiesForURLWithOptions with options set to include HTTP
256 // only cookies.
261 // Deletes all cookies with that might apply to |url| that has |cookie_name|.
266 // Deletes all of the cookies that have a creation_date greater than or equal
267 // to |delete_begin| and less than |delete_end|.
268 // Returns the number of cookies that have been deleted.
274 // Deletes all of the cookies that match the host of the given URL
275 // regardless of path and that have a creation_date greater than or
276 // equal to |delete_begin| and less then |delete_end|. This includes
277 // all http_only and secure cookies, but does not include any domain
278 // cookies that may apply to this host.
279 // Returns the number of cookies deleted.
290 // Enables writing session cookies into the cookie database. If this this
291 // method is called, it must be called before first use of the instance
292 // (i.e. as part of the instance initialization process).
295 // Debugging method to perform various validation checks on the map.
296 // Currently just checking that there are no null CanonicalCookie pointers
297 // in the map.
298 // Argument |arg| is to allow retaining of arbitrary data if the CHECKs
299 // in the function trip. TODO(rdsmith):Remove hack.
302 // Determines if the scheme of the URL is a scheme that cookies will be
303 // stored for.
306 // The default list of schemes the cookie monster can handle.
311 // For queueing the cookie monster calls.
328 // Testing support.
329 // For SetCookieWithCreationTime.
331 TestCookieDeleteAllCreatedBetweenTimestamps);
332 // For SetCookieWithCreationTime.
334 ThreadCheckDeleteAllCreatedBetweenForHost);
336 // For gargage collection constants.
342 // For validation of key values.
348 // For FindCookiesForKey.
351 // Internal reasons for deletion, used to populate informative histograms
352 // and to provide a public cause for onCookieChange notifications.
353 //
354 // If you add or remove causes from this list, please be sure to also update
355 // the CookieMonsterDelegate::ChangeCause mapping inside ChangeCauseMapping.
356 // Moreover, these are used as array indexes, so avoid reordering to keep the
357 // histogram buckets consistent. New items (if necessary) should be added
358 // at the end of the list, just before DELETE_COOKIE_LAST_ENTRY.
361 DELETE_COOKIE_OVERWRITE,
362 DELETE_COOKIE_EXPIRED,
363 DELETE_COOKIE_EVICTED,
364 DELETE_COOKIE_DUPLICATE_IN_BACKING_STORE,
366 DELETE_COOKIE_EVICTED_DOMAIN,
367 DELETE_COOKIE_EVICTED_GLOBAL,
369 // Cookies evicted during domain level garbage collection that
370 // were accessed longer ago than kSafeFromGlobalPurgeDays
371 DELETE_COOKIE_EVICTED_DOMAIN_PRE_SAFE,
373 // Cookies evicted during domain level garbage collection that
374 // were accessed more recently than kSafeFromGlobalPurgeDays
375 // (and thus would have been preserved by global garbage collection).
376 DELETE_COOKIE_EVICTED_DOMAIN_POST_SAFE,
378 // A common idiom is to remove a cookie by overwriting it with an
379 // already-expired expiration date. This captures that case.
380 DELETE_COOKIE_EXPIRED_OVERWRITE,
382 // Cookies are not allowed to contain control characters in the name or
383 // value. However, we used to allow them, so we are now evicting any such
384 // cookies as we load them. See http://crbug.com/238041.
385 DELETE_COOKIE_CONTROL_CHAR,
387 DELETE_COOKIE_LAST_ENTRY
388 };
390 // The number of days since last access that cookies will not be subject
391 // to global garbage collection.
394 // Record statistics every kRecordStatisticsIntervalSeconds of uptime.
399 // The following are synchronous calls to which the asynchronous methods
400 // delegate either immediately (if the store is loaded) or through a deferred
401 // task (if the store is not yet loaded).
410 CookiePriority priority);
448 // Called by all non-static functions to ensure that the cookies store has
449 // been initialized. This is not done during creating so it doesn't block
450 // the window showing.
451 // Note: this method should always be called with lock_ held.
458 }
460 }
461 }
463 // Initializes the backing store and reads existing cookies from it.
464 // Should only be called by InitIfNecessary().
467 // Stores cookies loaded from the backing store and invokes any deferred
468 // calls. |beginning_time| should be the moment PersistentCookieStore::Load
469 // was invoked and is used for reporting histogram_time_blocked_on_load_.
470 // See PersistentCookieStore::Load for details on the contents of cookies.
474 // Stores cookies loaded from the backing store and invokes the deferred
475 // task(s) pending loading of cookies associated with the domain key
476 // (eTLD+1). Called when all cookies for the domain key(eTLD+1) have been
477 // loaded from DB. See PersistentCookieStore::Load for details on the contents
478 // of cookies.
483 // Stores the loaded cookies.
486 // Invokes deferred calls.
489 // Checks that |cookies_| matches our invariants, and tries to repair any
490 // inconsistencies. (In other words, it does not have duplicate cookies).
493 // Checks for any duplicate cookies for CookieMap key |key| which lie between
494 // |begin| and |end|. If any are found, all but the most recent are deleted.
495 // Returns the number of duplicate cookies that were deleted.
514 // Delete any cookies that are equivalent to |ecc| (same path, domain, etc).
515 // If |skip_httponly| is true, httponly cookies will not be deleted. The
516 // return value with be true if |skip_httponly| skipped an httponly cookie.
517 // |key| is the key to find the cookie in cookies_; see the comment before
518 // the CookieMap typedef for details.
519 // NOTE: There should never be more than a single matching equivalent cookie.
525 // Takes ownership of *cc. Returns an iterator that points to the inserted
526 // cookie in cookies_. Guarantee: all iterators to cookies_ remain valid.
531 // Helper function that sets cookies with more control.
532 // Not exposed as we don't want callers to have the ability
533 // to specify (potentially duplicate) creation times.
539 // Helper function that sets a canonical cookie, deleting equivalents and
540 // performing garbage collection.
548 // |deletion_cause| argument is used for collecting statistics and choosing
549 // the correct CookieMonsterDelegate::ChangeCause for OnCookieChanged
550 // notifications. Guarantee: All iterators to cookies_ except to the
551 // deleted entry remain vaild.
553 DeletionCause deletion_cause);
555 // If the number of cookies for CookieMap key |key|, or globally, are
556 // over the preset maximums above, garbage collect, first for the host and
557 // then globally. See comments above garbage collection threshold
558 // constants for details.
559 //
560 // Returns the number of cookies deleted (useful for debugging).
563 // Helper for GarbageCollect(); can be called directly as well. Deletes
564 // all expired cookies in |itpair|. If |cookie_its| is non-NULL, it is
565 // populated with all the non-expired cookies from |itpair|.
566 //
567 // Returns the number of cookies deleted.
572 // Helper for GarbageCollect(). Deletes all cookies in the range specified by
573 // [|it_begin|, |it_end|). Returns the number of cookies deleted.
575 DeletionCause cause,
579 // Find the key (for lookup in cookies_) based on the given domain.
580 // See comment on keys before the CookieMap typedef.
585 // Statistics support
587 // This function should be called repeatedly, and will record
588 // statistics if a sufficient time period has passed.
591 // Initialize the above variables; should only be called from
592 // the constructor.
595 // The resolution of our time isn't enough, so we do something
596 // ugly and increment when we've seen the same time twice.
599 // Runs the task if, or defers the task until, the full cookie database is
600 // loaded.
603 // Runs the task if, or defers the task until, the cookies for the given URL
604 // are loaded.
608 // Histogram variables; see CookieMonster::InitializeHistograms() in
609 // cookie_monster.cc for details.
623 CookieMap cookies_;
625 // Indicates whether the cookie store has been initialized. This happens
626 // lazily in InitStoreIfNecessary().
629 // Indicates whether loading from the backend store is completed and
630 // calls may be immediately processed.
633 // List of domain keys that have been loaded from the DB.
636 // Map of domain keys to their associated task queues. These tasks are blocked
637 // until all cookies for the associated domain key eTLD+1 are loaded from the
638 // backend store.
640 tasks_pending_for_key_;
642 // Queues tasks that are blocked until all cookies are loaded from the backend
643 // store.
650 // Minimum delay after updating a cookie's LastAccessDate before we will
651 // update it again.
654 // Approximate date of access time of least recently accessed cookie
655 // in |cookies_|. Note that this is not guaranteed to be accurate, only a)
656 // to be before or equal to the actual time, and b) to be accurate
657 // immediately after a garbage collection that scans through all the cookies.
658 // This value is used to determine whether global garbage collection might
659 // find cookies to purge.
660 // Note: The default Time() constructor will create a value that compares
661 // earlier than any other time value, which is wanted. Thus this
662 // value is not initialized.
665 // During loading, holds the set of all loaded cookie creation times. Used to
666 // avoid ever letting cookies with duplicate creation times into the store;
667 // that way we don't have to worry about what sections of code are safe
668 // to call while it's in that state.
675 // Lock for thread-safety
683 // Static setting for whether or not file scheme cookies are allows when
684 // a new CookieMonster is created, or the accepted schemes on a CookieMonster
685 // instance are reset back to defaults.
689 };
691 class NET_EXPORT CookieMonsterDelegate
694 // The publicly relevant reasons a cookie might be changed.
696 // The cookie was changed directly by a consumer's action.
697 CHANGE_COOKIE_EXPLICIT,
698 // The cookie was automatically removed due to an insert operation that
699 // overwrote it.
700 CHANGE_COOKIE_OVERWRITE,
701 // The cookie was automatically removed as it expired.
702 CHANGE_COOKIE_EXPIRED,
703 // The cookie was automatically evicted during garbage collection.
704 CHANGE_COOKIE_EVICTED,
705 // The cookie was overwritten with an already-expired expiration date.
706 CHANGE_COOKIE_EXPIRED_OVERWRITE
707 };
709 // Will be called when a cookie is added or removed. The function is passed
710 // the respective |cookie| which was added to or removed from the cookies.
711 // If |removed| is true, the cookie was deleted, and |cause| will be set
712 // to the reason for its removal. If |removed| is false, the cookie was
713 // added, and |cause| will be set to CHANGE_COOKIE_EXPLICIT.
714 //
715 // As a special case, note that updating a cookie's properties is implemented
716 // as a two step process: the cookie to be updated is first removed entirely,
717 // generating a notification with cause CHANGE_COOKIE_OVERWRITE. Afterwards,
718 // a new cookie is written with the updated values, generating a notification
719 // with cause CHANGE_COOKIE_EXPLICIT.
726 };
729 RefcountedPersistentCookieStore;
735 LoadedCallback;
737 // Initializes the store and retrieves the existing cookies. This will be
738 // called only once at startup. The callback will return all the cookies
739 // that are not yet returned to CookieMonster by previous priority loads.
742 // Does a priority load of all cookies for the domain key (eTLD+1). The
743 // callback will return all the cookies that are not yet returned by previous
744 // loads, which includes cookies for the requested domain key if they are not
745 // already returned, plus all cookies that are chain-loaded and not yet
746 // returned to CookieMonster.
754 // Instructs the store to not discard session only cookies on shutdown.
757 // Flushes the store and posts |callback| when complete.
767 };