Bug 774011 – Deleting all cookies leaves SQLite database on disk (including .sqlite-shm and .sqlite-wal files)

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 774011 - Deleting all cookies leaves SQLite database on disk (including .sqlite-shm and .sqlite-wal files)


Summary:	Deleting all cookies leaves SQLite database on disk (including .sqlite-shm an...


Status:	RESOLVED NOTABUG

Product:	libsoup
Classification:	Core
Component:	API
Version:	2.56.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	libsoup-maint@gnome.bugs
QA Contact:	libsoup-maint@gnome.bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-11-06 16:41 UTC by Michael Catanzaro
Modified:	2017-01-15 14:57 UTC

See Also:	https://bugs.webkit.org/show_bug.cgi?id=166029
GNOME target:	---
GNOME version:	---

Description Michael Catanzaro 2016-11-06 16:41:12 UTC

We have the following code in WebKit in SoupCookieJar.cpp:

void deleteAllCookies(const NetworkStorageSession& session)
{
    SoupCookieJar* cookieJar = cookieJarForSession(session);
    GUniquePtr<GSList> cookies(soup_cookie_jar_all_cookies(cookieJar));
    for (GSList* item = cookies.get(); item; item = g_slist_next(item)) {
        SoupCookie* cookie = static_cast<SoupCookie*>(item->data);
        soup_cookie_jar_delete_cookie(cookieJar, cookie);
        soup_cookie_free(cookie);
    }
}

It gets executed when cookies are cleared by Epiphany. Unfortunately it seems libsoup does nothing to remove the SQLite database cookies.sqlite, cookies.sqlite-shm, and cookies.sqlite-wal. We have a recent WebKit CVE for the .sqlite-shm and .sqlite-wal files not being deleted when clearing local storage; same issue applies here. Either libsoup should clean up all three files when the last cookie has been deleted, or it should grow API for doing so.

Comment 1 Dan Winship 2016-11-06 17:37:32 UTC

I think deleting all the db files only makes sense in the context of a "Clear Personal Data" sort of operation, and not necessarily every time the cookie jar happens to be empty. So I don't think this should happen automatically. There could be a "soup_cookie_jar_delete()" command, perhaps.

(FWIW, a user might also imagine that they could manually delete only certain cookies, and have those cookies be obliterated from the disk. Perhaps we ought to be running sqlite with some option that makes it guarantee it will actually erase old data?)

Comment 2 Michael Catanzaro 2016-11-06 19:44:20 UTC

(In reply to Dan Winship from comment #1)
> (FWIW, a user might also imagine that they could manually delete only
> certain cookies, and have those cookies be obliterated from the disk.
> Perhaps we ought to be running sqlite with some option that makes it
> guarantee it will actually erase old data?)

Yeah, this is certainly what any reasonable user would expect. It's news to me that this wasn't already the case.

Comment 3 Michael Catanzaro 2017-01-15 13:35:46 UTC

It looks like libsoup already does this, but only when the SoupCookieJar is freed.