| Summary: | couldn't get cookie by js, and the cookie from a request header which including set-cookie | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Xin-U, Liu <cacocacoon> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | | |
| Severity: | Major | CC: | achristensen, beidson, cdumez, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 13 | | |
| Hardware: | All | | |
| OS: | macOS 10.15 | | |

This sounds like something CFNetwork should look at. Or possibly Chris Dumez with the recent changes to document.cookie.

If calling same request again, which includes the XSRF-TOKEN cookie, but not show on web inspector

Comment on attachment 406777
my test website page

delete

Hi,
I was stuck by this issue for a long time.
Does anyone have any feedback?

(In reply to Xin-U, Liu from comment #5)
> Hi,
> I was stuck by this issue for a long time.
> Does anyone have any feedback?

If you had a live test case that worked as expected in another browser but is broken in Safari, that'd go a long way in helping to explore it.

Created attachment 406777
my test website page

Hi,
I found a cookie bug whose behavior is weird, and it happens on Safari and Chrome on an iOS device.

Current behavior:

1. Open Safari, and set the Safari preference "Safari opens with" to "All windows from last session".
2. Create a new page like the attachment below.
3. Create a new tab, then make a request to the server on the page; the server responds with data which includes a set-cookie header like below

   `Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict`

   and obviously I can read XSRF-TOKEN by calling `document.cookie`.
4. Close the whole browser by using the shortcut key `command + Q`, and open Safari again.
5. Then call the request again; the server also responds with data which includes a set-cookie header like below

   `Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict`

6. And you will find that JS can't read XSRF-TOKEN by calling `document.cookie`.

I found that JS can't read XSRF-TOKEN because the page restored from last session, but JS can read XSRF-TOKEN because the page opened from a whole new tab
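
A triage aid for the report above, added here as an example and not part of the bug report or of WebKit's code: it parses the reported `Set-Cookie` header and applies the attribute rules (HttpOnly, Secure, Domain, Path) that decide whether script on a page may read a cookie. The names `parseSetCookie` and `scriptVisibility` and the page URL are assumptions; the model covers a top-level, same-site document only.

```javascript
// Added example. Assumptions: top-level same-site document, cookie not expired,
// a missing Path defaults to "/", a missing Domain means the page's own host.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.replace(/^Set-Cookie:\s*/i, "").split(";");
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(),
    domain: null, path: "/", secure: false, httpOnly: false, sameSite: null,
  };
  for (const raw of attrs) {
    const [k, ...rest] = raw.split("=");
    const key = k.trim().toLowerCase();
    const val = rest.join("=").trim();
    if (key === "domain") cookie.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "path" && val.startsWith("/")) cookie.path = val;
    else if (key === "secure") cookie.secure = true;
    else if (key === "httponly") cookie.httpOnly = true;
    else if (key === "samesite") cookie.sameSite = val.toLowerCase();
  }
  return cookie;
}

// Returns { cookie, visible, reasons }: reasons lists every rule that hides it.
function scriptVisibility(header, pageUrl) {
  const c = parseSetCookie(header);
  const url = new URL(pageUrl);
  const host = url.hostname.toLowerCase();
  const reasons = [];
  if (c.httpOnly) reasons.push("HttpOnly: never exposed to document.cookie");
  if (c.secure && url.protocol !== "https:") reasons.push("Secure: page is not HTTPS");
  if (c.domain && host !== c.domain && !host.endsWith("." + c.domain))
    reasons.push("Domain: page host does not match " + c.domain);
  const p = c.path, path = url.pathname;
  const pathOk = path === p || (path.startsWith(p) && (p.endsWith("/") || path[p.length] === "/"));
  if (!pathOk) reasons.push("Path: page path is outside " + p);
  return { cookie: c, visible: reasons.length === 0, reasons };
}

// Header copied from the report; the page URL is a constructed assumption.
const REPORTED = "Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; " +
  "Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict";
const result = scriptVisibility(REPORTED, "https://fleet.dev.aaa.com/index.html");
console.log(result.visible, result.reasons); // true []
```

Under this model every rule passes for the reported header, so its attributes alone do not account for the restored-tab result in step 6.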