When you clear cookie (using regular Set-Cookie header with expiration in the past) with different configuration than how you set the cookies (HttpOnly configuration in our case), the cookie does not get cleared in the document.cookie JS API. This is what happens: - JavaScript document.cookie still has the unset cookies (incorrect) - HTTP Cookie header is not sending the unset cookies (correct) - When opening the same URL to new window, the document.cookie does not have the unset cookies (correct) Repro example - First set cookie with header `Set-Cookie: test=yes; Max-Age=1000000; path=/` - Observe that - document.cookie has `test` cookie - Cookie header sends `test` cookie - Then clear cookie with header `Set-Cookie: test=deleted; Max-Age=0; path=/; HttpOnly;` < notice the extra HttpOnly settings - Observe that - document.cookie still has `test` cookie (incorrect) - Cookie header does not send `test` cookie (correct) - When opening new tab on the same URL, the document.cookie does NOT have `test` cookie (correct) Video how it looks like: https://twitter.com/PetrHurtak/status/1588466286191063042 Reproduction example repository: https://github.com/Hurtak/safari-redirect-cookies-test I am able to reproduce this on - MacOS Safari 15.5 - MacOS Safari Technology Preview 16.4 - iOS 16 Safari
This looks like an issue below WebKit. Can you confirm that this works as you expect in other browsers? However, WebKit seems to have a similar issue for HttpOnly, based on code inspection, as parseDOMCookie() returns nil for these, and thus NetworkStorageSession::setCookiesFromDOM() has an early return.
(In reply to Alexey Proskuryakov from comment #1) > This looks like an issue below WebKit. Can you confirm that this works as > you expect in other browsers? > > However, WebKit seems to have a similar issue for HttpOnly, based on code > inspection, as parseDOMCookie() returns nil for these, and thus > NetworkStorageSession::setCookiesFromDOM() has an early return. I can confirm that on desktop Chrome it works
<rdar://problem/102235421>