Correcting IE cookie add/delete logic

Author: jimevans

Diff for: cpp/iedriver/CommandHandlers/DeleteAllCookiesCommandHandler.h

@@ -47,8 +47,9 @@ class DeleteAllCookiesCommandHandler : public IECommandHandler {
     browser_wrapper->GetCookies(&cookies);
     std::vector<BrowserCookie>::const_iterator it = cookies.begin();
     for (; it != cookies.end(); ++it) {
-      std::string cookie_name = it->name();
-      status_code = browser_wrapper->DeleteCookie(cookie_name);
+      //std::string cookie_name = it->name();
+      //status_code = browser_wrapper->DeleteCookie(cookie_name);
+      status_code = browser_wrapper->DeleteCookie(*it);
       if (status_code != WD_SUCCESS) {
         response->SetErrorResponse(status_code,
                                    "Unable to delete cookie with name '" + it->name() + "'");

Diff for: cpp/iedriver/CommandHandlers/DeleteCookieCommandHandler.h

@@ -48,7 +48,10 @@ class DeleteCookieCommandHandler : public IECommandHandler {
       response->SetErrorResponse(status_code, "Unable to get browser");
       return;
     }
-    status_code = browser_wrapper->DeleteCookie(cookie_name);
+    //status_code = browser_wrapper->DeleteCookie(cookie_name);
+    BrowserCookie cookie;
+    cookie.set_name(cookie_name);
+    status_code = browser_wrapper->DeleteCookie(cookie);
     if (status_code != WD_SUCCESS) {
       response->SetErrorResponse(status_code, "Unable to delete cookie");
       return;

Diff for: cpp/iedriver/CookieManager.cpp

@@ -47,7 +47,18 @@ void CookieManager::Initialize(HWND window_handle) {
 
 bool CookieManager::SetCookie(const std::string& url, 
                               const std::string& cookie_data) {
+  return this->SetCookie(url, cookie_data, false);
+}
+
+bool CookieManager::SetCookie(const std::string& url, 
+                              const std::string& cookie_data,
+                              const bool is_httponly) {
   std::string full_data = url + "|" + cookie_data;
+  WPARAM set_flags = 0;
+  if (is_httponly) {
+    set_flags = INTERNET_COOKIE_HTTPONLY;
+  }
+
   HookSettings hook_settings;
   hook_settings.hook_procedure_name = "CookieWndProc";
   hook_settings.hook_procedure_type = WH_CALLWNDPROC;
@@ -57,7 +68,7 @@ bool CookieManager::SetCookie(const std::string& url,
   HookProcessor hook;
   hook.Initialize(hook_settings);
   hook.PushData(StringUtilities::ToWString(full_data));
-  ::SendMessage(this->window_handle_, WD_SET_COOKIE, NULL, NULL);
+  ::SendMessage(this->window_handle_, WD_SET_COOKIE, set_flags, NULL);
   int status = HookProcessor::GetDataBufferSize();
   if (status != 0) {
     return false;
@@ -153,8 +164,7 @@ int CookieManager::GetCookies(const std::string& url,
 }
 
 bool CookieManager::DeleteCookie(const std::string& url,
-                                 const std::string& cookie_name) {
-  
+                                 const BrowserCookie& cookie) {
   std::wstring wide_url = StringUtilities::ToWString(url);
   CComPtr<IUri> uri_pointer;
   ::CreateUri(wide_url.c_str(), Uri_CREATE_ALLOW_RELATIVE, 0, &uri_pointer);
@@ -169,56 +179,98 @@ bool CookieManager::DeleteCookie(const std::string& url,
 
   std::string domain = StringUtilities::ToString(wide_domain);
   std::string path = StringUtilities::ToString(wide_path);
-  return this->RecursivelyDeleteCookie(url, cookie_name, domain, path);
+  return this->RecursivelyDeleteCookie(url,
+                                       cookie.name(),
+                                       domain,
+                                       path,
+                                       cookie.is_httponly());
 }
 
+//bool CookieManager::DeleteCookie(const std::string& url,
+//                                 const std::string& cookie_name) {
+//  
+//  std::wstring wide_url = StringUtilities::ToWString(url);
+//  CComPtr<IUri> uri_pointer;
+//  ::CreateUri(wide_url.c_str(), Uri_CREATE_ALLOW_RELATIVE, 0, &uri_pointer);
+//
+//  CComBSTR host_bstr;
+//  uri_pointer->GetHost(&host_bstr);
+//  std::wstring wide_domain = host_bstr;
+//  
+//  CComBSTR path_bstr;
+//  uri_pointer->GetPath(&path_bstr);
+//  std::wstring wide_path = path_bstr;
+//
+//  std::string domain = StringUtilities::ToString(wide_domain);
+//  std::string path = StringUtilities::ToString(wide_path);
+//  return this->RecursivelyDeleteCookie(url, cookie_name, domain, path, false);
+//}
+
 bool CookieManager::RecursivelyDeleteCookie(const std::string& url,
                                             const std::string& name,
                                             const std::string& domain,
-                                            const std::string& path) {
+                                            const std::string& path,
+                                            const bool is_httponly) {
   // TODO: Optimize this path from the recursive to only
   // call setting the cookie as often as needed.
-  return this->RecurseCookiePath(url, name, "." + domain, path);
+  return this->RecurseCookiePath(url, name, "." + domain, path, is_httponly);
 }
 
 bool CookieManager::RecurseCookiePath(const std::string& url,
                                       const std::string& name,
                                       const std::string& domain,
-                                      const std::string& path) {
+                                      const std::string& path,
+                                      const bool is_httponly) {
   size_t number_of_characters = 0;
   size_t slash_index = path.find_last_of('/');
   size_t final_index = path.size() - 1;
-  if (slash_index == final_index && slash_index != 0) {
+  if (slash_index == final_index) {
     number_of_characters = slash_index;
+  } else {
+    number_of_characters = slash_index + 1;
   }
 
   if (slash_index != std::string::npos) {
-    bool deleted = this->RecurseCookiePath(url, name, domain, path.substr(0, number_of_characters));
+    bool deleted = this->RecurseCookiePath(url,
+                                           name,
+                                           domain,
+                                           path.substr(0, number_of_characters),
+                                           is_httponly);
   }
-  return this->RecurseCookieDomain(url, name, domain, path);
+  return this->RecurseCookieDomain(url, name, domain, path, is_httponly);
 }
 
 bool CookieManager::RecurseCookieDomain(const std::string& url,
                                         const std::string& name,
                                         const std::string& domain,
-                                        const std::string& path) {
-  bool deleted = this->DeleteCookie(url, name, domain, path);
+                                        const std::string& path,
+                                        const bool is_httponly) {
+  bool deleted = this->DeleteCookie(url, name, domain, path, is_httponly);
   if (!deleted) {
     size_t dot_index = domain.find_first_of('.');
     if (dot_index == 0) {
-      return this->RecurseCookieDomain(url, name, domain.substr(1), path);
+      return this->RecurseCookieDomain(url,
+                                       name,
+                                       domain.substr(1),
+                                       path,
+                                       is_httponly);
     } else if (dot_index != std::string::npos) {
-      return this->RecurseCookieDomain(url, name, domain.substr(dot_index), path);
+      return this->RecurseCookieDomain(url,
+                                       name,
+                                       domain.substr(dot_index),
+                                       path,
+                                       is_httponly);
     }
-    deleted = this->DeleteCookie(url, name, "", path);
+    deleted = this->DeleteCookie(url, name, "", path, is_httponly);
   }
   return deleted;
 }
 
 bool CookieManager::DeleteCookie(const std::string& url,
                                  const std::string& name,
                                  const std::string& domain,
-                                 const std::string& path) {
+                                 const std::string& path,
+                                 const bool is_httponly) {
   // N.B., We can hard-code the value and expiration time, since
   // we are deleting the cookie.
   std::string cookie_data = name;
@@ -232,7 +284,7 @@ bool CookieManager::DeleteCookie(const std::string& url,
     cookie_data.append(path);
   }
   cookie_data.append("; expires=Thu 1 Jan 1970 00:00:01 GMT");
-  return this->SetCookie(url, cookie_data);
+  return this->SetCookie(url, cookie_data, is_httponly);
 }
 
 void CookieManager::ReadPersistentCookieFile(const std::wstring& file_name,
@@ -526,6 +578,7 @@ LRESULT CALLBACK CookieWndProc(int nCode, WPARAM wParam, LPARAM lParam) {
     webdriver::HookProcessor::CopyWStringToBuffer(file_list);
     webdriver::HookProcessor::WriteBufferToPipe(driver_process_id);
   } else if (WD_SET_COOKIE == call_window_proc_struct->message) {
+    DWORD set_cookie_flags = static_cast<DWORD>(call_window_proc_struct->wParam);
     std::wstring cookie_data = webdriver::HookProcessor::CopyWStringFromBuffer();
     size_t url_separator_pos = cookie_data.find_first_of(L"|");
     std::wstring url = cookie_data.substr(0, url_separator_pos);
@@ -543,7 +596,11 @@ LRESULT CALLBACK CookieWndProc(int nCode, WPARAM wParam, LPARAM lParam) {
 
     // Leverage the shared data buffer size to return the error code
     // back to the driver, if necessary.
-    DWORD cookie_set = ::InternetSetCookieEx(parsed_uri.c_str(), NULL, cookie.c_str(), INTERNET_COOKIE_HTTPONLY, NULL);
+    DWORD cookie_set = ::InternetSetCookieEx(parsed_uri.c_str(),
+                                             NULL,
+                                             cookie.c_str(),
+                                             set_cookie_flags,
+                                             NULL);
     if (cookie_set) {
       webdriver::HookProcessor::SetDataBufferSize(0);
     } else {

Diff for: cpp/iedriver/CookieManager.h

@@ -36,6 +36,7 @@ class CookieManager {
   int GetCookies(const std::string& url,
                  std::vector<BrowserCookie>* all_cookies);
   bool SetCookie(const std::string& url, const std::string& cookie_data);
+  bool DeleteCookie(const std::string& url, const BrowserCookie& cookie);
   bool DeleteCookie(const std::string& url, const std::string& cookie_name);
 
  private:
@@ -52,19 +53,26 @@ class CookieManager {
   bool RecursivelyDeleteCookie(const std::string& url,
                                const std::string& name,
                                const std::string& domain,
-                               const std::string& path);
+                               const std::string& path,
+                               const bool is_httponly);
   bool RecurseCookiePath(const std::string& url,
                          const std::string& name,
                          const std::string& domain,
-                         const std::string& path);
+                         const std::string& path,
+                         const bool is_httponly);
   bool RecurseCookieDomain(const std::string& url,
                            const std::string& name,
                            const std::string& domain,
-                           const std::string& path);
+                           const std::string& path,
+                           const bool is_httponly);
   bool DeleteCookie(const std::string& url,
                     const std::string& name,
                     const std::string& domain,
-                    const std::string& path);
+                    const std::string& path,
+                    const bool is_httponly);
+  bool SetCookie(const std::string& url,
+                 const std::string& cookie_data,
+                 const bool is_httponly);
 
   HWND window_handle_;
 };

Diff for: cpp/iedriver/DocumentHost.cpp

@@ -250,11 +250,19 @@ int DocumentHost::AddCookie(const std::string& cookie,
   return WD_SUCCESS;
 }
 
-int DocumentHost::DeleteCookie(const std::string& cookie_name) {
+//int DocumentHost::DeleteCookie(const std::string& cookie_name) {
+//  LOG(TRACE) << "Entering DocumentHost::DeleteCookie";
+//  // TODO: Optimize and return legitimate error conditions.
+//  bool deletesucceeded = this->cookie_manager_->DeleteCookie(this->GetCurrentUrl(),
+//                                                             cookie_name);
+//  return WD_SUCCESS;
+//}
+
+int DocumentHost::DeleteCookie(const BrowserCookie& cookie) {
   LOG(TRACE) << "Entering DocumentHost::DeleteCookie";
   // TODO: Optimize and return legitimate error conditions.
   bool deletesucceeded = this->cookie_manager_->DeleteCookie(this->GetCurrentUrl(),
-                                                             cookie_name);
+                                                             cookie);
   return WD_SUCCESS;
 }
 

Diff for: cpp/iedriver/DocumentHost.h

@@ -68,7 +68,8 @@ class DocumentHost {
 
   void GetCookies(std::vector<BrowserCookie>* cookies);
   int AddCookie(const std::string& cookie, const bool validate_document_type);
-  int DeleteCookie(const std::string& cookie_name);
+  //int DeleteCookie(const std::string& cookie_name);
+  int DeleteCookie(const BrowserCookie& cookie);
 
   int SetFocusedFrameByIndex(const int frame_index);
   int SetFocusedFrameByName(const std::string& frame_name);

Diff for: cpp/iedriverserver/CHANGELOG

@@ -9,6 +9,10 @@ available via the project downloads page. Changes in "revision" field indicate
 private releases checked into the prebuilts directory of the source tree, but
 not made generally available on the downloads page.
 
+v2.46.0.5
+=========
+ * Corrected cookie add/delete logic with respect to HTTP-only cookies.
+
 v2.46.0.5
 =========
  * Updates to JavaScript automation atoms.