Do not delete cookies which are allowed in at least one scope

[gorhill]

As per Chrome store feedback. This makes more sense, I don't know why I did it the way it is currently done. Even if the scope is not in use, HTTPSB shouldn't delete a cookie which could be used by that scope in the future.

A cookie sitting on the computer causes no harm, it's their sending to a remote host which causes harm, and if a cookie is whitelisted in at least one scope, it's best to let it sit locally as it will be reused as per user's choice later. This cookie won't be sent to remote hosts outside the scope where it is whitelisted, that's the important part.

[gorhill]

Not as obvious as it appears at first... What when one of the scope allows everything? This means all cookies (except those from expressly blacklisted hostnames) would be seen as "used" by such a scope...

[gorhill]

Looks like this will need some compromise. As said above, if a scope allows all cookies (cookie|*), this means any cookie would be seen as being potentially used by such a scope, and thus the cookie won't be deleted.

To recapitulate the state of affairs... Currently it works this way:

• For each cookie candidate for deletion, a cookie won't be deleted if:
  • A current web page refers to the cookie domain;
  • And the cookie domain for this web page (taking into account scope) is whitelisted

This means: If a web page which was preventing the deletion of a cookie (as per above rules) is closed, these rules are no longer fullfiilled, and thus the cookie is deleted.

However I did agree with the user who orginally reported the issue: If the cookie is whitelisted somewhere in the rules, do not delete it. The existence of the cookie should not depend only on an existing web page referring to it, but also whether the cookie might be reused once the web page which uses it is reloaded. Many cookies contain user prefs such as language selection, location, etc, and many users will be displeased if HTTPSB deletes these cookies after they have been whitelisted.

So, here is what I think so far:

1. Keep the above logic;
2. If above logic results in cookie being cleared for deletion:
   • For each scope which domain matches cookie domain:
     • If cookie is whitelisted for scope:
       • Prevent cookie deletion.

I wish I could rely only on step 2., but step 1 above is necessary to keep 3rd-party cookies which are whitelisted for a particular web page. However these 3rd-party cookies would be deleted once the web page is closed, there is no way around this. ("3rd-party" means anything which do not match the domain name of a scope, so facebook.net is 3rd-party to facebook.com).

I worry about overhead of executing above code for each cookie. I might decide to lower the number of cookies processed in each batch, and to delay more the processing. Will see.

[gorhill]

Fixed in 17974e0