cookie 🍪 conundrum #146
Comments
|
If you guys are busy I can make a PR but I'll wait to hear your thoughts first |
- setCookies(link, cookieName, cookieValue);
+ setCookies(origin, cookieName, cookieValue);This seems to work for my use case at least - so I'm unblocked. Would probably be best to tidy everything up properly though. |
|
Actually the example I gave can work if you use the glob pattern "https://example.com/profile". But it still doesn't work when the URL contains an ephemeral session token path parameter like In this case, if you use the glob pattern |
The cookie situation seems quite messy.
Firstly is there a reason why we don't use the chrome.cookies API instead of saving them from request listeners?
Anyways here is the situation:
The signature of the following
setCookies()function implies that it will be saved in the sublevel corresponding to the host - not the URL.tlsn-extension/src/entries/Background/db.ts
Lines 333 to 338 in 1c9f340
However, currently the full URL is passed to
setCookiestlsn-extension/src/entries/Background/handlers.ts
Line 30 in 1c9f340
To compensate for this, the rather confusing function
getCookiesByHost()takes a full URL and returns the cookies for the first URL it finds in the cookiesDb where the given host matches.tlsn-extension/src/entries/Background/db.ts
Lines 356 to 376 in 1c9f340
Aside from being confusing and complicated, this approach actually doesn't work at all for some use cases, for example:
getCookiesByHost('example.com)will NOT return the auth cookie because it will return the cookies that were associated with only the URL https://example.com before you authenticated (the first match).This includes my use case, so I'm currently blocked.
Anyways I don't think it makes any sense at all to associate cookies with URL's. It should be per domain.
The text was updated successfully, but these errors were encountered: