History log of /haiku/src/kits/network/libnetapi/NetworkCookieJar.cpp
Revision Date Author Comments
# fc8e5be1 14-Feb-2019 Augustin Cavalier <waddlesplash@gmail.com>

HashMap: Fix the build with GCC 7.


# de48af7a 14-Feb-2019 Augustin Cavalier <waddlesplash@gmail.com>

Adapt all consumers of HashSet and HashMap to the slightly-different APIs.

No functional changes intended. Tested and verified as working.

Change-Id: Iaa67c2e5f0d9aff433ac7348e63e901a6a80e589
Reviewed-on: https://review.haiku-os.org/c/1043
Reviewed-by: waddlesplash <waddlesplash@gmail.com>


# e1ca6769 26-Oct-2017 Jérôme Duval <jerome.duval@gmail.com>

libbnetapi: style fixes only.


# ab880b17 29-Jan-2017 Adrien Destugues <pulkomandy@gmail.com>

Cookie Jar: fix lock order inversion

The main lock on the cookie jar must always be locked before the rwlocks
for each domain list. This was reversed in one place, leading to a
typical deadlock pattern. Fixes one case of freeze in WebPositive: two
request threads whould interlock, and then anything trying to access the
cookie jar (including the main thread of Web+ to handle javascript
access to cookies) would also lock.


# a61218b1 30-Oct-2016 Mark Hellegers <mark@firedisk.net>

Fix #13042: Make sure all cookies are saved


# 0b6c1895 12-Nov-2015 Adrien Destugues <pulkomandy@pulkomandy.tk>

BNetworkCookieJar: rework locking

The cookie jar used to be locked whenever an iterator was instanciated.
This didn't work well when using several iterators in the same thread,
because the BLocker then allows all of them to access the list
concurrently.

Rework the locking code to use a more fine grained approach, where the
cookie jar is only locked temporarily by methods which require it. These
methods are the ones which get and put new domain-lists in the jar, as
well as acquiring the locks on the domain-lists.

Each domain-list in the jar is locked using a read/write lock as before.
This means there can be many requests getting cookies for the same
domain in paralel, but only one at a time is allowed to set new cookies.

The iterators keep domain lists they need to access read-locked, as long
as they iterate the cookies for that domain.

A limitation of this approach is that deleting a domain-list when it
becomes empty is difficult. We can live with this, however, the
iteration still works (it just skips empty lists), and the empty lists
will not be stored or restored when archiving the cookie jar.


# 463ffbfd 11-Jun-2014 Adrien Destugues <pulkomandy@pulkomandy.tk>

First steps towards cookie jar thread-safety

* Change the semantics of the iterators copy constructor and assignment
operator: they now return a new iterator for the same cookie jar (and
same url for the UrlIterator). They don't try to point to the same
position as the copied iterator. The only purpose of these is to write
code such as:

Iterator it = jar.GetIterator();

so having a full copy isn't that useful.

* The per-domain cookie lists are now protected with a read-write lock.
The iterators retain a read lock while they are handling cookies from
that list. They get a write lock when doing Remove. Adding a cookie to
the jar also gets the write lock for the matching list

* Fix a memory leak when adding a new domain-list to the jar failed

* Simplify the declaration of the PrivateHashMap type (it would be
even simpler if HashMap was a public API)

* The domain hashmap is now a SynchronizedHashMap. It is locked as long
as an Iterator or UrlIterator exists, which may be a problem as these
are public APIs. Writing safe iterators for an hashmap with concurrent
accesses is not easy, so the API could be modified to return a list of
domains and a list of cookies for a given domain or URL instead. This
would suit the intended uses just as well.

* The jar now store const cookies, so there is no need to lock them for
access/modification. Updating a cookie is done by replacing it with
another one in the jar (with the same domain and value). There is still
the problem of deleting a cookie while other threads may still access
it, this will be fixed by making cookies BReferenceable.


# 6ac7ba84 06-Jun-2014 Adrien Destugues <pulkomandy@pulkomandy.tk>

Sort cookies by path length (longest first)

* This makes sure the most specific cookies are sent first, matching
what other browsers do.


# e395fc4f 16-Jan-2014 Adrien Destugues <pulkomandy@pulkomandy.tk>

NetworkCookieJar: use-after-free, memcpy overwrite

* Add some tracing, std::nothrow and null checks
* The HashString class doesn't like SetTo being called with a substring
of the current key, so use a copy of it instead.

Fixes #6667.


# f36e1414 03-Dec-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Cookie Jar: allow setting cookies on "file" URLs.

* These are shared with HTTP cookies set for localhost. We probably want
to split them apart later on, so cookies should store and check the
protocol, additionally to the path and domain.
* Fixes #10195.


# 754bbf48 26-Nov-2013 Jérôme Duval <jerome.duval@gmail.com>

libnetapi: second pass of style cleanup

* remarks from Axel


# 97ddf901 25-Nov-2013 Jérôme Duval <jerome.duval@gmail.com>

libnetapi: style cleanup


# cb7df3b1 15-Nov-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Update webkit and cmake packages

* Some changes required in WebPositive to store the cookies on disk


# b7617ddd 25-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Network Cookie Jar: implement assignment operator.

This change is needed for implementing cookie persistence in Web+ using
the network kit backend.

The current implementation requires the user to unarchive the cookie
jar, then hand it over to the BUrlContext which will copy it to its own
field. This makes the code simpler, but maybe doing a complete copy
(with all the cookies) is an heavy operation and could be avoided.


# b3d13a00 19-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Network Kit: Coverity scan review and fixes

CID 1108353, 1108335: memory leak.
CID 610473: unused variable.
CID 1108446, 1108433, 1108432, 1108419, 1108400, 991710, 991713, 991712,
610098, 610097, 610096, 610095: uninitialized field
CID 1108421: unused field

Change the ownership of the result for Url/HttpRequests. The request now
owns its result and you either access it by reference while the request
is live, or copy it to keep it after the request destruction. To help
with that, get BUrlResult copy constructor and assignment operator to
work.

Performance issue: copying the BUrlResult also copies the underlying
BMallocIO data. This should be shared between the BUrlResult objects to
make the copy lighter. The case of BUrlSynchronousRequest is now
particularly inefficient, with at least 2 copies needed to get at the
result.


# c9d31eee 14-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

More cookie fixes

* Add some error handling in NetworkCookie and don't add broken cookies
(or should I say crumbs?) to the cookie jar
* More control on the path and domain, as well as the expiration time

We now pass Opera cookie testsuite functionality tests, as well as some
of the negative tests (we even do better than curl). Not going further
right now as this works well enough for positive cases and most
security/privacy issues are fixed (cross domain and cross path cookie
setting or spying).


# 780967d8 08-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Cleanup and fix cookies handling

* The cookie jar iterator now use a BObjectList instead of a BList
* Add a convenience method to the cookie jar to add a cookie by BUrl
and raw cookie string.
* Remove some methods in BNetworkCookie that could lead to invalid
cookies (cross-domain or with no domain at all).
* Make the cookie parsing able to report errors
* Fix off-by-one error in domain cookies validation.


# 64a1f5a0 07-Feb-2013 Hamish Morrison <hamishm53@gmail.com>

NetworkCookieJar: various small fixes and updated tests


# 2e7b5f9e 26-Jan-2013 Hamish Morrison <hamishm53@gmail.com>

NetworkCookieJar: don't leak a new cookie if it has expired


# 45939109 27-Oct-2010 Stephan Aßmus <superstippi@gmx.de>

Patch done by Christophe Huriaux as part of GSoC 2010 "Services Kit" project:
Integrated the classes in the Network Kit (libbnetapi.so). Only the foundation
classed BUrl, BUrlContext, BNetworkCookie, BNetworkCookieJar and the private
HttpTime code is currently compiled. The BUrlProtocol currently contains some
misplaced BUrlProtocolHttp specific stuff, and the HTTP stuff itself has a
dependency on libcrypto and should live in an add-on instead. I've sprinkled
some TODOs in the code, and I've done some renaming compared to the last
version of the GSoC patch. Any help to bring this further along is appreciated.


git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@39161 a95241bf-73f2-0310-859d-f6bbb57e9c96


# 463ffbfde42e3486c5b2366b7903a3aa1ddf77e1 11-Jun-2014 Adrien Destugues <pulkomandy@pulkomandy.tk>

First steps towards cookie jar thread-safety

* Change the semantics of the iterators copy constructor and assignment
operator: they now return a new iterator for the same cookie jar (and
same url for the UrlIterator). They don't try to point to the same
position as the copied iterator. The only purpose of these is to write
code such as:

Iterator it = jar.GetIterator();

so having a full copy isn't that useful.

* The per-domain cookie lists are now protected with a read-write lock.
The iterators retain a read lock while they are handling cookies from
that list. They get a write lock when doing Remove. Adding a cookie to
the jar also gets the write lock for the matching list

* Fix a memory leak when adding a new domain-list to the jar failed

* Simplify the declaration of the PrivateHashMap type (it would be
even simpler if HashMap was a public API)

* The domain hashmap is now a SynchronizedHashMap. It is locked as long
as an Iterator or UrlIterator exists, which may be a problem as these
are public APIs. Writing safe iterators for an hashmap with concurrent
accesses is not easy, so the API could be modified to return a list of
domains and a list of cookies for a given domain or URL instead. This
would suit the intended uses just as well.

* The jar now store const cookies, so there is no need to lock them for
access/modification. Updating a cookie is done by replacing it with
another one in the jar (with the same domain and value). There is still
the problem of deleting a cookie while other threads may still access
it, this will be fixed by making cookies BReferenceable.


# 6ac7ba848b54e8dc237b52700a9ac50a5e8a63f5 06-Jun-2014 Adrien Destugues <pulkomandy@pulkomandy.tk>

Sort cookies by path length (longest first)

* This makes sure the most specific cookies are sent first, matching
what other browsers do.


# e395fc4f3b90e0513a5b10347e697c005fb1318c 16-Jan-2014 Adrien Destugues <pulkomandy@pulkomandy.tk>

NetworkCookieJar: use-after-free, memcpy overwrite

* Add some tracing, std::nothrow and null checks
* The HashString class doesn't like SetTo being called with a substring
of the current key, so use a copy of it instead.

Fixes #6667.


# f36e1414b745380a50d9d8db9c20dc8721636810 03-Dec-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Cookie Jar: allow setting cookies on "file" URLs.

* These are shared with HTTP cookies set for localhost. We probably want
to split them apart later on, so cookies should store and check the
protocol, additionally to the path and domain.
* Fixes #10195.


# 754bbf4866278ecd2da2c517560bc90c67a3a6f5 26-Nov-2013 Jérôme Duval <jerome.duval@gmail.com>

libnetapi: second pass of style cleanup

* remarks from Axel


# 97ddf9019d06adbca5a68046ba8afa74ee4e9eb7 25-Nov-2013 Jérôme Duval <jerome.duval@gmail.com>

libnetapi: style cleanup


# cb7df3b1da881c3fadef628b0a0d5a122f131bd0 15-Nov-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Update webkit and cmake packages

* Some changes required in WebPositive to store the cookies on disk


# b7617ddd68d4b2b95d8394edad08f2954e859bf5 25-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Network Cookie Jar: implement assignment operator.

This change is needed for implementing cookie persistence in Web+ using
the network kit backend.

The current implementation requires the user to unarchive the cookie
jar, then hand it over to the BUrlContext which will copy it to its own
field. This makes the code simpler, but maybe doing a complete copy
(with all the cookies) is an heavy operation and could be avoided.


# b3d13a000c6fd58d91bdf15fa3abdcc4d3546eff 19-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Network Kit: Coverity scan review and fixes

CID 1108353, 1108335: memory leak.
CID 610473: unused variable.
CID 1108446, 1108433, 1108432, 1108419, 1108400, 991710, 991713, 991712,
610098, 610097, 610096, 610095: uninitialized field
CID 1108421: unused field

Change the ownership of the result for Url/HttpRequests. The request now
owns its result and you either access it by reference while the request
is live, or copy it to keep it after the request destruction. To help
with that, get BUrlResult copy constructor and assignment operator to
work.

Performance issue: copying the BUrlResult also copies the underlying
BMallocIO data. This should be shared between the BUrlResult objects to
make the copy lighter. The case of BUrlSynchronousRequest is now
particularly inefficient, with at least 2 copies needed to get at the
result.


# c9d31eeed6ffa94ae37ce66959242a9a9ed40a60 14-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

More cookie fixes

* Add some error handling in NetworkCookie and don't add broken cookies
(or should I say crumbs?) to the cookie jar
* More control on the path and domain, as well as the expiration time

We now pass Opera cookie testsuite functionality tests, as well as some
of the negative tests (we even do better than curl). Not going further
right now as this works well enough for positive cases and most
security/privacy issues are fixed (cross domain and cross path cookie
setting or spying).


# 780967d8ac9392810bff1c3870fbe1c01b9d3fb6 08-Oct-2013 Adrien Destugues <pulkomandy@pulkomandy.tk>

Cleanup and fix cookies handling

* The cookie jar iterator now use a BObjectList instead of a BList
* Add a convenience method to the cookie jar to add a cookie by BUrl
and raw cookie string.
* Remove some methods in BNetworkCookie that could lead to invalid
cookies (cross-domain or with no domain at all).
* Make the cookie parsing able to report errors
* Fix off-by-one error in domain cookies validation.


# 64a1f5a020afbbb203b72bfb07e1b08d38431bfe 07-Feb-2013 Hamish Morrison <hamishm53@gmail.com>

NetworkCookieJar: various small fixes and updated tests


# 2e7b5f9e185297670adc17f3aada0a4af6a48838 26-Jan-2013 Hamish Morrison <hamishm53@gmail.com>

NetworkCookieJar: don't leak a new cookie if it has expired


# 45939109b4d2aebac59573a0cac0ff5641d47d57 27-Oct-2010 Stephan Aßmus <superstippi@gmx.de>

Patch done by Christophe Huriaux as part of GSoC 2010 "Services Kit" project:
Integrated the classes in the Network Kit (libbnetapi.so). Only the foundation
classed BUrl, BUrlContext, BNetworkCookie, BNetworkCookieJar and the private
HttpTime code is currently compiled. The BUrlProtocol currently contains some
misplaced BUrlProtocolHttp specific stuff, and the HTTP stuff itself has a
dependency on libcrypto and should live in an add-on instead. I've sprinkled
some TODOs in the code, and I've done some renaming compared to the last
version of the GSoC patch. Any help to bring this further along is appreciated.


git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@39161 a95241bf-73f2-0310-859d-f6bbb57e9c96