KIO / KWebView and PrivateBrowsing (Cookies)

Alex Fiestas afiestas at kde.org
Tue Apr 24 09:02:28 BST 2012


On Monday, April 23, 2012 07:38:16 PM Dawit A wrote:
> None of this is necessary. What should happen in private browsing mode is
> the "cookies" metadata should be set to "manual" to disable cookie handling
> kio_http. The KIO::Integration::AccessManager can be modified to send its
> own cookie header instead. This would give you want you want. I have
> attached an untested patch that does just that. Test it and let me know if
> it works okay for you.
Wow! kdelibs is full of awesomess, I get how this work now.
 
> The only question I have and which the patch does not address is whether or
> not cookies stored outside of the private-browsing mode should be used
> (read: sent back to the server) during private browsing mode. Reading the
> up on the definition of private browsing mode, it seems to me that we
> should only stop saving information once in private browsing mode, not stop
> sending data that was previously stored before "private browsing mode" was
> initiated.

Actually we should not send any data we currently have stored since that data 
can be used to identify the user and that will break any hope of private 
browsing. Perfect example is a cookie that authenticate the user with a web 
service such gmail or evil Google tracking what searches we do.

Chromium, Firefox and Opera have this behavior as well (they start with an 
empty cookiejar).

Going to take a look at your patch and try to figure something out.

Big Thanks !




More information about the kde-core-devel mailing list