Review Request: Using KWallet to store Cookies

José Millán Soto fid at gpul.org
Tue Oct 26 02:45:28 BST 2010



> On 2010-09-18 07:42:52, Michael Leupold wrote:
> > Regarding the Secret Storage spec and a possible migration to ksecretservice later-on the storage format should be alright. However, I'd suggest changing it a little bit for further benefit:
> > 
> > I'd mangle the domain name and the cookie name into the entry key, eg. "reviewboard.kde.org|rbsessionid", and store each single cookie as an entry. Like this you could avoid saving cookie.name() as map entry keys over and over again. Further development could then easily include loading and storing cookies "on-the-fly", ie. you could load single cookies without having to load the whole domain. For the current use-case there shouldn't be a lot of overhead if you do it like this either.
> > 
> > As I don't know too much about cookies I don't know if it's "the right way" though, it just looks cleaner. Maybe someone with more experience could take a look and comment if that would make sense.

I don't think it could be useful to load a single cookie without loading the rest of the cookies of the domain, as every time an HTTP request is made, all of them are sent to the server.
Moreover, creating a key for each cookie would also require to create another key for the domain to avoid trying to open the wallet when no cookies are needed.


- José


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://svn.reviewboard.kde.org/r/4927/#review7675
-----------------------------------------------------------


On 2010-10-26 01:24:01, José Millán Soto wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://svn.reviewboard.kde.org/r/4927/
> -----------------------------------------------------------
> 
> (Updated 2010-10-26 01:24:01)
> 
> 
> Review request for kdelibs.
> 
> 
> Summary
> -------
> 
> Currently cookies are stored in a plain text file. This patch allows KCookieJar to store the cookies securely using KWallet.
> 
> The main problem I had writing this patch was that when a web page is requested, KIO ask for the cookies to kded using dbus. In the first implementations that I wrote, if the user took too long to open the wallet, KIO received a dbus timeout.
> 
> To prevent this, if it takes more than 10 seconds to open the wallet, the web page will be requested without sending the cookies (or sending the available cookies if there's still the plain text cookie file). If the wallet is opened after that, the cookies stored in the wallet will be available since then.
> 
> Because of this, the feature is disabled by default.
> 
> 
> Diffs
> -----
> 
>   /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespolicies.cpp 1189829 
>   /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespoliciesdlg.ui 1189829 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.h 1189787 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp 1189787 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.h 1189787 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.cpp 1189787 
> 
> Diff: http://svn.reviewboard.kde.org/r/4927/diff
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> José
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20101026/aa2aa18d/attachment.htm>


More information about the kde-core-devel mailing list