This is also in Radar as <rdar://problem/4079527> When sending a login POST to a website with an XMLHttpRequest object in JavaScript, the expected behavior is the creation of a cookie that is reusable later (and ideally reusable by Safari when it directly hits the same domain). However, that does not happen. It appears that XMLHttpRequest is not handing the set-cookie headers that come back from such an action. Attached cookiebug.zip. It's a teardown of a 3rd-party Dashboard widget. To reproduce: 0) Turn off popup blocking. 1) Load CRSX.html. Username is dashboard, password 'tiger' 2) click "Log in normally" you'll be redirected to forums.clubrsx.com. Notice that the front page says "Welcome, dashboard", acknowledging you've logged in. 3) Reload CRSX.html and click the "Clear all cookies" link to start over. 4) Log in again this time using the "Log in using XMLHttpRequest" link The debug div will walk through the submission of the post. The login confirmation from the server will appear as a popup and you'll see the debug div throw out the set-cookie headers that the XMLHttpRequest received. It will also send a 2nd request to the forum FAQ page, which should have a div saying "Welcome, dashboard" assuming the session was persisted. It does not. You can also confirm that cookies.xml has none of the entries listed in the debug div. You can also to go clubrsx.com in a new window after the XMLHttpRequest login and see that it does not recognize that you've logged in.
Created attachment 2227
Comment on attachment 2227 Removed attachment as it contained login information.
Created attachment 12186 [details] test case I cannot reproduce this problem with shipping Safari or TOT. Here is a test case, since we didn't have this behavior covered.
Test committed revision 18549.
I'm seeing this test failing locally in a debug build of r18568. --- /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/LayoutTests/http/tests/xmlhttprequest/cookies-expected.txt 2007-01-04 10:51:32.000000000 +1100 +++ /tmp/layout-test-results/http/tests/xmlhttprequest/cookies-actual.txt 2007-01-04 12:57:04.000000000 +1100 @@ -1,4 +1,4 @@ Tests for bug 3420: XMLHttpRequest does not handle set-cookie headers. -SUCCESS +FAIL: the cookie was not set
Could you please tell more about the failure? 1. Is this on Tiger or Leopard? 2. Does this test fail with shipping Safari? 3. Does it fail with a nightly build (without DRT)?
I'm on Tiger. I've narrowed the problem down somewhat -- the test fails when the URL is <http://127.0.0.1:8000/xmlhttprequest/cookies.html>, but passes when it is <http://localhost:8000/xmlhttprequest/cookies.html>. The same behaviour occurs in DRT, Safari with WebKit 418.9.1, and Safari with ToT WebKit.
Created attachment 12241 [details] fix the test The test failed if there were other cookies already present for 127.0.0.1. I accounted for that in .html, but not in .cgi; fixed.
Comment on attachment 12241 [details] fix the test r=me
Committed revision 18620.