Cookies
This document describes how to work with cookies.
Overview
Molybden does not interfere with how cookies work in Chromium. Chromium decides how to download cookies from a web server, extract them from the HTTP headers, and store them.
The Cookies service allows you to get, modify, and remove cookies. The Cookie class provides information on a particular cookie.
To obtain the Cookies service for a specific Profile, use the Profile::cookies() method:
auto cookies = profile->cookies();
Supported protocols
Molybden supports cookies that are sent using the following protocols:
- HTTP
- HTTPS
- WS (WebSocket)
- WSS (Secured WebSocket)
If a cookie is sent using a protocol that is not on the list, it will not be stored in the cookie storage.
Working with cookies
Molybden supports the following kinds of cookies:
- Persistent cookies. These are stored in the Chromium user data directory. If you delete the Chromium user data directory, all the persistent cookies will be removed.
- Session cookies. These are stored in the application memory. These cookies will be removed automatically when the application is terminated.
- Secure cookies. These can only be transmitted over an encrypted connection, i.e. HTTPS. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
- HttpOnly cookies. These cannot be accessed by the client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). However, the cookie remains vulnerable to cross-site tracing (XST) and cross-site request forgery (XSRF) attacks.
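The kinds listed above correspond to attributes of the Set-Cookie header. The following is an added example, not Molybden code: the CookieKind struct and the classify() and needsReview() functions are hypothetical, use only the standard library, and show how an audit could classify a header value and flag cookies missing Secure or HttpOnly.

```cpp
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>

// Hypothetical audit record; this is not Molybden's Cookie class.
struct CookieKind {
  std::string name;
  bool persistent = false;  // Expires or Max-Age present (values not evaluated)
  bool secure = false;      // sent only over encrypted connections
  bool http_only = false;   // hidden from client-side script
};

static std::string trim(const std::string& s) {
  const char* ws = " \t";
  auto b = s.find_first_not_of(ws);
  if (b == std::string::npos) return "";
  return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return std::tolower(c); });
  return s;
}

// Classifies one Set-Cookie header value (the text after "Set-Cookie:").
CookieKind classify(const std::string& header) {
  CookieKind kind;
  std::istringstream parts(header);
  std::string part;
  bool first = true;
  while (std::getline(parts, part, ';')) {
    std::string key = trim(part.substr(0, part.find('=')));
    if (first) {  // the first pair is name=value; attributes follow
      kind.name = key;
      first = false;
      continue;
    }
    key = lower(key);  // attribute names are case-insensitive
    if (key == "expires" || key == "max-age") kind.persistent = true;
    else if (key == "secure") kind.secure = true;
    else if (key == "httponly") kind.http_only = true;
  }
  return kind;
}

// True when a cookie could travel in cleartext or be read by page script.
bool needsReview(const CookieKind& k) { return !k.secure || !k.http_only; }
```

For the constructed value "sid=abc123; Path=/; Secure; HttpOnly", classify() reports a session cookie with both flags set, so needsReview() returns false.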
When you modify cookies, use the Cookies::persist() method to save the changes.
Getting cookies
To get all cookies, use the Cookies::list() method:
auto cookies = profile->cookies()->list();
for (auto cookie : cookies) {
  std::cout << "name = " << cookie.name << std::endl;
}
Similarly, you can get all cookies by a URL:
auto cookies = profile->cookies()->list("https://www.google.com");
Creating cookies
Persistent
To create a persistent cookie with an expiration time, use the following code:
Cookie cookie(".google.com");
cookie.creation_time = creationTime;
cookie.expiration_time = expirationTime;
cookie.name = "cookie name";
cookie.value = "cookie value";
cookie.path = "/";
cookies->setCookie(cookie);
cookies->persist();
Session
To create a session cookie, use the following code:
Cookie cookie(".google.com");
cookie.name = "cookie name";
cookie.value = "cookie value";
cookie.path = "/";
cookies->setCookie(cookie);
cookies->persist();
Deleting cookies
To delete all cookies, use the Cookies::deleteAll() method:
cookies->deleteAll();
cookies->persist();
To delete one cookie, use the Cookies::deleteCookie() method.
The following code deletes all cookies one by one:
auto cookies = profile->cookies();
for (auto cookie : cookies->list()) {
  cookies->deleteCookie(cookie);
}
cookies->persist();
Suppressing cookies
You can control all incoming and outgoing cookies using the delegates of the Network.
To suppress the incoming cookies, use the following code:
network->onCanSetCookie = [](const CanSetCookieArgs& args,
                             CanSetCookieAction action) {
  action.cannot();
};
To suppress the outgoing cookies, use the following code:
network->onCanGetCookies = [](const CanGetCookiesArgs& args,
                              CanGetCookiesAction action) {
  action.cannot();
};
Encryption
Molybden supports cookie encryption by default. It uses Chromium's cookie encryption routines, so the cookies are stored exactly as in Chromium.
Linux
On Linux, Chromium uses GNOME Keyring or KWallet to encrypt cookies. Chromium automatically chooses which store to use. You can manually specify which store to use via an appropriate option when constructing the App.
For example:
AppOptions options;
options.password_store_type = PasswordStoreType::kGnomeKeyring;
App::init(options, [](std::shared_ptr<App> app) {
  // ...
});
Windows
On Windows, Molybden uses only DPAPI to encrypt cookies. There are no alternatives at the moment.
macOS
On macOS, Molybden uses the private key stored with the Keychain Application to encrypt cookies with AES encryption.