Bug 212261

Summary: Cookie SameSite option ignored if expires exceeds 7 days
Product: WebKit Reporter: Alexander Osin <alexander.osin>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED MOVED    
Severity: Normal CC: beidson, bfulgham, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: Safari 13   
Hardware: Unspecified   
OS: macOS 10.15   

Description Alexander Osin 2020-05-22 05:46:56 PDT 
Hello Webkit,


If I set cookie with 'expires' option set to 7 days from now, 'SameSite' option appears to be set as 'Strict'.

document.cookie = "test1=value;expires="+new Date(Date.now() + (7 * 24 * 60 * 60 * 1000)).toGMTString()+';secure;SameSite=Strict;';


If I set 'expires' option to something far from 7 days limit, 'SameSite' option appears as '---', despite it's being provided.

document.cookie = "test2=value;expires="+new Date(Date.now() + (365 * 24 * 60 * 60 * 1000)).toGMTString()+';secure;SameSite=Strict;';


Thank you,
Alexander
Comment 1 Radar WebKit Bug Importer 2020-05-25 12:14:24 PDT 
<rdar://problem/63603775>
Comment 2 Brent Fulgham 2022-02-10 13:57:56 PST 
The fix for this issue was needed outside the WebKit project, therefore this is being resolved as 'Moved'.

The fixed component is shipping in all current releases.