CookieMonster::DeleteCanonicalCookie: use the proper key
Creation time is no longer unique (not that it ever was);
(domain,path,key) is (as it's long been).
Bug: 826322
Change-Id: I433fe3ceffd2b2cfeb5c27c7af0033d69e76301c
Reviewed-on: https://chromium-review.googlesource.com/984514
Reviewed-by: Matt Menke <[email protected]>
Reviewed-by: Victor Costan <[email protected]>
Commit-Queue: Maks Orlovich <[email protected]>
Cr-Commit-Position: refs/heads/master@{#548762}
diff --git a/net/cookies/cookie_monster.cc b/net/cookies/cookie_monster.cc
index ee28f640..e7a6f32b 100644
--- a/net/cookies/cookie_monster.cc
+++ b/net/cookies/cookie_monster.cc
@@ -810,8 +810,14 @@
uint32_t result = 0u;
for (CookieMapItPair its = cookies_.equal_range(GetKey(cookie.Domain()));
its.first != its.second; ++its.first) {
- // The creation date acts as the unique index...
- if (its.first->second->CreationDate() == cookie.CreationDate()) {
+ const std::unique_ptr<CanonicalCookie>& candidate = its.first->second;
+ // Historically, this has refused modification if the cookie has changed
+ // value in between the CanonicalCookie object was returned by a getter
+ // and when this ran. The later parts of the conditional (everything but
+ // the equivalence check) attempt to preserve this behavior.
+ if (candidate->IsEquivalent(cookie) &&
+ candidate->CreationDate() == cookie.CreationDate() &&
+ candidate->Value() == cookie.Value()) {
InternalDeleteCookie(its.first, true, DELETE_COOKIE_EXPLICIT);
result = 1u;
break;
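Review bot: The comment added above the if explains why CreationDate() and Value() are still compared, but it does not say what IsEquivalent() matches on. State there that it is the unique (domain,path,key) tuple named in the commit message, so a later reader does not drop it as redundant with the date check. The phrase "in between the CanonicalCookie object was returned by a getter and when this ran" would read better as "between when the CanonicalCookie object was returned by a getter and when this ran". A stale Value() or CreationDate() leaves result at 0u, the same as finding no match, so the comment should also note that callers cannot tell "not found" from "changed since it was read". A test with two cookies under the same GetKey() that share a creation time but are not equivalent would cover the case this fixes, if one is not already part of the change.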