246477 2022-10-13 15:22:05 -0700 Cap cookie lifetimes to 7 days for responses from third party IP addresses 2023-04-06 10:39:16 -0700 1 1 1 Unclassified WebKit Platform WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 wenson_hsieh wenson_hsieh blare-seabeds-0x dmdabbs webkit-bug-importer oldest_to_newest 1905445 0 wenson_hsieh 2022-10-13 15:22:05 -0700 rdar://100831206 1905448 1 wenson_hsieh 2022-10-13 15:49:38 -0700 Pull request: https://github.com/WebKit/WebKit/pull/5347 1907427 2 ews-feeder 2022-10-21 14:37:31 -0700 Committed 255849@main (b0305b173106): <https://commits.webkit.org/255849@main> Reviewed commits have been landed. Closing PR #5347 and removing active labels. 1911740 3 blare-seabeds-0x 2022-11-10 21:48:44 -0800 Hi Wenson Hsieh, I am trying to understand more about this fix. I tried this on preview and it looks quite a huge change with a lot of side effects for valid use cases. If I am not mistaken this use cases will be now broken: 1) I have services that are running in multiple infrastructures. Like site is cached on some CDN, where my auth server is running on Heroku, where processing is done on AWS (one main domain and two subdomains with different IP's). Because of that my own services are limited now. Using multiple infrastructures in completely first party mode (I own everything) is legit use case. 2) I have headless shop on Shopify. This means that my html/css/js is hosted on some CDN let's say Vercel, but I am using Shopify API's to run the store. This now means that user will be limited to 7 days for everything related to Shopify. Would love to hear more about this change. Thank you