Created attachment 406777 [details] my test website page Hi, I found a cookie bug which behavior is weird, and it happens on safari and chrome on iOS device current behavior: 1. open safari, and set safari preferences of "safari opens with" to "all windows from last session" 2. create new page like below attachment 3. create a new tab than making a request to server on the page, server responses data which includes set-cookie header like below ` Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict ` and obviously I can read XSRF-TOKEN by calling `document.cookie` 4. close whole browser by using shortcut key `command + Q`, and open safari again 5. then call the request again, server also responses data which includes set-cookie header like below ` Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict ` 6. and you will find that js can't read XSRF-TOKEN by calling `document.cookie` I found that js can't read XSRF-TOKEN because the page restored from last session, but js can read XSRF-TOKEN because the page opened from a whole new tab
<rdar://problem/67331868>
This sounds like something CFNetwork should look at. Or possibly Chris Dumez with the recent changes to document.cookie.
If calling same request again, which includes the XSRF-TOKEN cookie, but not show on web inspector
Comment on attachment 406777 [details] my test website page delete
Hi, I was stuck by this issue for a long time. Does anyone have any feedback?
(In reply to Xin-U, Liu from comment #5) > Hi, > I was stuck by this issue for a long time. > Does anyone have any feedback? If you had a live test case that worked as expected in another browser but is broken in Safari, that'd go a long way in helping to explore it.