gorhill
Timing of cookie removal: configurable?
This is what I was trying to post as an answer in Chrome webstore, but the webstore keep saying "There was a problem completing the request. Please try again later."... Anyways, here:
Originally I was intercepting and removing the cookies before they where persisted by the browser, however this was complicated:
One Set-cookie directive can be used for many cookies, which forced me to manually parse the cookies (overhead), and this code was flaky. On top of that I found out that there is such a thing as binary cookies now, which also had to be decoded before parsing (more overhead). Aside the flakiness of the parsing code (parsing cookies is complicated business if you want to do it robustly), this was adding a lot of overhead, and knowing that a set-cookie directive could be used for all requests (images, css files, etc etc), I decided to scrap the preemptive removal: code got significantly simpler and more robust (the browser has already all the code to parse internally, so why not leverage it?), and in any case, what I find the most important is to know exactly what cookie is being installed on my machine, and to prevent these cookies from leaving the browser. This is what is happening now.
The timing for removal of cookies from a web page you visit is currently arbitrarily hardcoded to 5 minutes, and the cleaning of part or all of whatever cookies is already sitting in your machine is 15 minutes. I suppose this could be configurable, but up to a point: there is a good overhead in doing this stuff (I still need to profile more).
I will enter an issue in github to consider and give more thought about having the time frame of cookie removal being configurable by user.