Add session history markdown documentation.
This CL adds session_history.md to explain how NavigationController tracks the back/forward history in each tab. BUG=1015882 Change-Id: I48d7143b513b049ea100ab7efe7d8cc8c41b2cc3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2225373 Commit-Queue: Charlie Reis <creis@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#778546}
This commit is contained in:
Charlie Reis
125
docs/session_history.md
Normal file
125
docs/session_history.md
Normal file
@ -0,0 +1,125 @@
|
||||
# Session History
|
||||
|
||||
A browser's session history keeps track of the navigations in each tab, to
|
||||
support back/forward navigations and session restore. This is in contrast to
|
||||
"history" (e.g., `chrome://history`), which tracks the main frame URLs the user
|
||||
has visited in any tab for the lifetime of a profile.
|
||||
|
||||
Chromium tracks the session history of each tab in NavigationController, using a
|
||||
list of NavigationEntry objects to represent the joint session history items.
|
||||
Each frame creates _session history items_ as it navigates. A _joint session
|
||||
history item_ contains the state of each frame of a page at a given point in
|
||||
time, including things like URL, partially entered form data, scroll position,
|
||||
etc. Each NavigationEntry uses a tree of FrameNavigationEntries to track this
|
||||
state.
|
||||
|
||||
[TOC]
|
||||
|
||||
|
||||
## Pruning Forward Navigations
|
||||
|
||||
If the user goes back and then commits a new navigation, this essentially forks
|
||||
the joint session history. However, joint session history is tracked as a list
|
||||
and not as a tree, so the previous forward history is "pruned" and forgotten.
|
||||
This pruning is performed for all new navigations, unless they commit with
|
||||
replacement.
|
||||
|
||||
|
||||
## Subframe Navigations
|
||||
|
||||
When the first commit occurs within a new subframe of a document, it becomes
|
||||
part of the existing joint session history item (which we refer to as an "auto
|
||||
subframe navigation"). The user can't go back to the state before the frame
|
||||
committed. Any subsequent navigations in the subframe create new joint session
|
||||
history items (which we refer to as "manual subframe navigations"), such that
|
||||
clicking back goes back within the subframe.
|
||||
|
||||
|
||||
## Navigating with Replacement
|
||||
|
||||
Some types of navigations can replace the previously committed joint session
|
||||
history item for a frame, rather than creating a new item. These include:
|
||||
|
||||
* `location.replace` (which is usually cross-document, unless it is a fragment
|
||||
navigation)
|
||||
* `history.replaceState` (which is always same-document)
|
||||
* Client redirects
|
||||
* The first non-blank URL after the initial empty document (unless the frame
|
||||
was explicitly created with `about:blank` as the URL).
|
||||
|
||||
|
||||
## Identifying Same- and Cross-Document Navigations
|
||||
|
||||
Each FrameNavigationEntry contains both an _item sequence number_ (ISN) and a
|
||||
_document sequence number_ (DSN). Same-document navigations create a new session
|
||||
history item without changing the document, and thus have a new ISN but the same
|
||||
DSN. Cross-document navigations create a new ISN and DSN. NavigationController
|
||||
uses these ISNs and DSNs when deciding which frames need to be navigated during
|
||||
a session history navigation, using a recursive frame tree walk in
|
||||
`FindFramesToNavigate`.
|
||||
|
||||
|
||||
## Classifying Navigations
|
||||
|
||||
Much of the complexity in NavigationController comes from the bookkeeping needed
|
||||
to track the various types of navigations as they commit (e.g., same-document vs
|
||||
cross-document, main frame vs subframe, with or without replacement, etc). These
|
||||
types may lead to different outcomes for whether a new NavigationEntry is
|
||||
created, whether an existing one is updated vs replaced, and what events are
|
||||
exposed to observers. This is handled by `ClassifyNavigation`, which determines
|
||||
which `RendererDidNavigate` helper methods are used when a navigation commits.
|
||||
|
||||
|
||||
## Persistence
|
||||
|
||||
The joint session history of a tab is persisted so that tabs can be restored
|
||||
(e.g., between Chromium restarts, after closing a tab, or on another device).
|
||||
This requires serializing the state in each NavigationEntry and its tree of
|
||||
FrameNavigationEntries, using a PageState object and other metadata.
|
||||
|
||||
Not everything in NavigationEntry is persisted. All data members of
|
||||
NavigationEntryImpl and FrameNavigationEntry should be documented with whether
|
||||
they are preserved after commit and whether they need to be persisted.
|
||||
|
||||
Note that the session history of a tab can also be cloned when duplicating a
|
||||
tab, or when doing a back/forward/reload navigation in a new tab (such as when
|
||||
middle-clicking the back/forward/reload button). This involves direct clones of
|
||||
NavigationEntries rather than persisting and restoring.
|
||||
|
||||
## Invariants
|
||||
|
||||
* The `pending_entry_index_` is either -1 or an index into `entries_`. If
|
||||
`pending_entry_` is defined and `pending_entry_index_` is -1, then it is a
|
||||
new navigation. If `pending_entry_index_` is a valid index into `entries_`,
|
||||
then `pending_entry_` must point to that entry and it is a session history
|
||||
navigation.
|
||||
* Newly created tabs have NavigationControllers with `is_initial_navigation_`
|
||||
set to true. They can have `last_committed_entry_index_` defined before the
|
||||
first commit, however, when session history is cloned from another tab. (In
|
||||
this case, `pending_entry_index_` indicates which entry is going to be
|
||||
restored during the initial navigation.)
|
||||
* Every FrameNavigationEntry that has committed in the current session (as
|
||||
opposed to those that have been restored) must have a SiteInstance.
|
||||
* A renderer process can only update FrameNavigationEntries belonging to a
|
||||
SiteInstance in that process. This especially includes attacker-controlled
|
||||
data like PageState, which could be dangerous to load into a different
|
||||
site's process.
|
||||
* Any cross-SiteInstance navigation should result in a new NavigationEntry
|
||||
with replacement, rather than updating an existing NavigationEntry.
|
||||
|
||||
|
||||
## Caveats
|
||||
|
||||
* Not every NavigationRequest has a pending NavigationEntry. For example,
|
||||
subframe navigations do not, and renderer-initiated main frame navigations
|
||||
may clear an existing browser-initiated pending NavigationEntry (using
|
||||
PendingEntryRef) without replacing it with a new one.
|
||||
* Some main frame documents may not have a corresponding NavigationEntry
|
||||
even after commit (e.g., the initial empty document, per
|
||||
[issue 524208](https://crbug.com/524208)).
|
||||
* Some subframe documents may not have a corresponding FrameNavigationEntry
|
||||
after commit (e.g., see [issue 608402](https://crbug.com/608402)).
|
||||
* FrameNavigationEntries should be shared between NavigationEntries when they
|
||||
do not change (e.g., to support history.replaceState after subframe
|
||||
navigations), but this is not yet supported.
|
||||
See [issue 373041](https://crbug.com/373041).
|
||||
Reference in New Issue
Block a user