[tor-bugs] #14059 [Tor Browser]: Revision of existing double key cookie logic to meet requirements

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 6 17:37:54 UTC 2015 

#14059: Revision of existing double key cookie logic to meet requirements
-------------------------+-------------------------------------------------
     Reporter:  michael  |      Owner:  michael
         Type:  defect   |     Status:  needs_information
     Priority:  normal   |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  TorBrowserTeam201502R,
   Resolution:           |  GeorgKoppen201502R
Actual Points:           |  Parent ID:  #3246
       Points:           |
-------------------------+-------------------------------------------------

Comment (by michael):

 Replying to [comment:15 gk]:
 > 2) CookieServiceParent.cpp: "Method is called nowhere" is not correct
 (anymore). CookieService* are for e10s (see:
 https://bugzilla.mozilla.org/show_bug.cgi?id=537156) which is already on
 Mozilla's dev channels activated. Eventually we need to port double keying
 to it, too. But at least the comment should make that clear.
 >
 Yes, and there are [https://bugzilla.mozilla.org/show_bug.cgi?id=1128457
 other e10s RecvGetCookieString] related things. I'll simply improve the
 comment (stating e10s incompatibility) as I think your comment implied.

 I'm not sure how stable the e10s architecture is to influence current Tor
 Browser party isolation features, do you know? My gut feeling is that
 finishing on the ESR arch early would boost later e10s completion.
 [[br]]
 > 3) nsICookie2.idl: Why is `aOrigin` of type `ACString` and not
 `AUTF8String` (like `host`, `rawHost` etc.)?
 >
 Most host string variables in implementation files are of type
 `nsACString` or `nsCString` which implies the IDL variables should use
 `ACString`. I assumed that's why you and Dan Witte made it `ACString`, but
 I agree that there should be some conformance.

 Too bad there's so much AUTF8String already in nsCookie (frozen I think)
 so I'll change `origin` to be of type `AUTF8String` to conform.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14059#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list