Review Request: Using KWallet to store Cookies

Michael Leupold lemma at confuego.org
Sat Sep 18 08:41:54 BST 2010 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://svn.reviewboard.kde.org/r/4927/#review7675
-----------------------------------------------------------


Regarding the Secret Storage spec and a possible migration to ksecretservice later-on the storage format should be alright. However, I'd suggest changing it a little bit for further benefit:

I'd mangle the domain name and the cookie name into the entry key, eg. "reviewboard.kde.org|rbsessionid", and store each single cookie as an entry. Like this you could avoid saving cookie.name() as map entry keys over and over again. Further development could then easily include loading and storing cookies "on-the-fly", ie. you could load single cookies without having to load the whole domain. For the current use-case there shouldn't be a lot of overhead if you do it like this either.

As I don't know too much about cookies I don't know if it's "the right way" though, it just looks cleaner. Maybe someone with more experience could take a look and comment if that would make sense.


/trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp
<http://svn.reviewboard.kde.org/r/4927/#comment7802>

    This should be "_isSecure"


- Michael


On 2010-09-14 18:45:54, José Millán Soto wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://svn.reviewboard.kde.org/r/4927/
> -----------------------------------------------------------
> 
> (Updated 2010-09-14 18:45:54)
> 
> 
> Review request for kdelibs.
> 
> 
> Summary
> -------
> 
> Currently cookies are stored in a plain text file. This patch allows KCookieJar to store the cookies securely using KWallet.
> 
> The main problem I had writing this patch was that when a web page is requested, KIO ask for the cookies to kded using dbus. In the first implementations that I wrote, if the user took too long to open the wallet, KIO received a dbus timeout.
> 
> To prevent this, if it takes more than 10 seconds to open the wallet, the web page will be requested without sending the cookies (or sending the available cookies if there's still the plain text cookie file). If the wallet is opened after that, the cookies stored in the wallet will be available since then.
> 
> Because of this, the feature is disabled by default.
> 
> 
> Diffs
> -----
> 
>   /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespolicies.cpp 1175181 
>   /trunk/KDE/kdebase/apps/konqueror/settings/kio/kcookiespoliciesdlg.ui 1175181 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.h 1175181 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp 1175181 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.h 1175181 
>   /trunk/KDE/kdelibs/kioslave/http/kcookiejar/kcookieserver.cpp 1175181 
> 
> Diff: http://svn.reviewboard.kde.org/r/4927/diff
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> José
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20100918/f517f75f/attachment.htm>

More information about the kde-core-devel mailing list