Skip to content

Option to disable cookie database locking#9

Open
Aven-dev wants to merge 3 commits intosecondlife:masterfrom
Aven-dev:master
Open

Option to disable cookie database locking#9
Aven-dev wants to merge 3 commits intosecondlife:masterfrom
Aven-dev:master

Conversation

@Aven-dev
Copy link

@Aven-dev Aven-dev commented Jun 20, 2025

Solving issue: https://feedback.secondlife.com/web-bugs/p/search-asks-me-to-accept-cookies-each-time-i-launch-client

Chrome 114 added a security measure for Windows systems that prevents malware from stealing cookie or session information, by maintaining a file lock on the corresponding database files.

This security measure is not good for applications like SecondLife that spawn multiple Dullahan processes per instance per profile. Cookies are not remembered between Dullahan sessions, prompting users with cookie walls and logged out sessions every single time.

This pull request disables that security measure by default, to restore it to pre-Chrome 114 behavior, and adds to option to restore the security measure by setting disable_cookie_database_locking = false in the CEF settings.

@Aven-dev Aven-dev marked this pull request as draft June 24, 2025 13:07
@Aven-dev
Copy link
Author

Aven-dev commented Jun 25, 2025

@callumlinden I'm only able to build this project against CEF 112 on Windows, but my current viewer Firestorm uses CEF 118. Building against any other version leads to override signature mismatches. Is this project now being maintained elsewhere?

If so, LockProfileCookieDatabase needs to be added to disable-features in order to fix the reported issue (as I tried with this PR), or viewers needs to close the Dullahan instance that gets opened for the user's profile (not the "undefined" one) right after login. After spawning in-world I didn't observe the PID of that instance doing any file operations with ProcMon, so it should be safe to.

@toastercup toastercup requested review from a team, Geenz and callumlinden July 24, 2025 22:20
Aven-dev added 3 commits March 24, 2026 18:09
@Aven-dev
Option to disable cookie database locking (set to enabled by default;…
996609d 
… pre-Chrome 114 behavior).
@Aven-dev
Code formatting
f2d2b28
@Aven-dev
Build the disable-features comma-separated list in place instead of t…
c246fca 
…he original intend to have it as a function that was also missing from the initial commit.
@Aven-dev Aven-dev marked this pull request as ready for review March 24, 2026 20:55
@Aven-dev
Copy link
Author

Aven-dev commented Mar 24, 2026

Tested against the latest commit and CEF 138 and working.

It won't magically fix the issue that SecondLife has. They will have to update the command line when spawning Dullahan processes from --disable-features=AudioServiceOutOfProcess to --disable-features=AudioServiceOutOfProcess,LockProfileCookieDatabase. That also means SecondLife doesn't need this patch.

When exploring the code base I spotted another issue: in dullahan_impl_windows.cpp there is the code command_line->AppendSwitchWithValue("disable-features", "AudioServiceOutOfProcess");. This won't do as dullahan_impl::OnBeforeCommandLineProcessing can already write the "disable-features" parameter, and only one may exist (last specified wins). Values have to be merged.

// Features can be explicitly forced on or off by specifying a list of comma-
// separated feature names via the following command-line flags:
//
//   --enable-features=Feature5,Feature7
//   --disable-features=Feature1,Feature2,Feature3

source

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Geenz Geenz Awaiting requested review from Geenz

@callumlinden callumlinden Awaiting requested review from callumlinden

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aven-dev