Browser: Remove expired cookies from the CookieJar

The spec doesn't have any exact steps here, it just notes: The user agent MUST evict all expired cookies from the cookie store if, at any time, an expired cookie exists in the cookie store. Here, we implement "at any time" as "when a cookie is retrieved or stored".
2025-07-26 14:47:35 +00:00 · 2021-04-13 12:28:39 -04:00 · 2021-04-13 12:28:39 -04:00 · cc7c86fdf4
commit cc7c86fdf4
parent 329e6252e9
2 changed files with 20 additions and 2 deletions
--- a/Userland/Applications/Browser/CookieJar.cpp
+++ b/Userland/Applications/Browser/CookieJar.cpp
@ -45,8 +45,10 @@ struct ParsedCookie {
    bool http_only_attribute_present { false };
 };

-String CookieJar::get_cookie(const URL& url) const
+String CookieJar::get_cookie(const URL& url)
 {
+    purge_expired_cookies();
+
    auto domain = canonicalize_domain(url);
    if (!domain.has_value())
        return {};
@ -76,6 +78,7 @@ void CookieJar::set_cookie(const URL& url, const String& cookie_string)
        return;

    store_cookie(parsed_cookie.value(), url, move(domain.value()));
+    purge_expired_cookies();
 }

 void CookieJar::dump_cookies() const
@ -549,4 +552,18 @@ void CookieJar::store_cookie(ParsedCookie& parsed_cookie, const URL& url, String
    m_cookies.set(key, move(cookie));
 }

+void CookieJar::purge_expired_cookies()
+{
+    time_t now = Core::DateTime::now().timestamp();
+    Vector<CookieStorageKey> keys_to_evict;
+
+    for (const auto& cookie : m_cookies) {
+        if (cookie.value.expiry_time.timestamp() < now)
+            keys_to_evict.append(cookie.key);
+    }
+
+    for (const auto& key : keys_to_evict)
+        m_cookies.remove(key);
+}
+
 }