Bug 128730
| Summary: | [GTK] Broken session management in google.com and live.com | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Sergio Villar Senin <svillar> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Critical | CC: | cgarcia, dpino, gustavo, mayurk.vk, zan |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://www.google.com | ||
Sergio Villar Senin
Steps:
1- goto google.com
2- sign in
3- sign out
Expected outcome:
session is closed
Actual outcome:
session is still open
I've tried with both WK1 and WK2, and no significant changes happened in libsoup so we must have broken the session and/or redirection code.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
mayurk.vk
I will check this issue further, hoping not stepping on anyone's toes here. :)
Sergio Villar Senin
It's also broken for MS's live.com. I'm raising the importance.
Diego Pino
I reproduced the steps in google.com. I only tried WK2. I couldn't reproduce the bug. The latest commit I have is r165232.
mayurk.vk
I tried the steps for www.google.com in WebkiGTK+ MiniBrowser. But could not reproduce the issue. The session is being closed properly.
Carlos Garcia Campos
I've found the cause of this problem, it's the DoNotTrack header, and that's the reson why it doesn't happen in MiniBrowser. Try disabling the DNT setting in ephy.
Sergio Villar Senin
(In reply to comment #5)
> I've found the cause of this problem, it's the DoNotTrack header, and that's the reson why it doesn't happen in MiniBrowser. Try disabling the DNT setting in ephy.
Hmm, so we're getting the opposite effect, we send the DNT and as a consequence the session is never closed, so the user is tracked :)
We must be doing something terribly wrong with the cookies, because I've set up Firefox to send the DNT and the session management just works. Maybe we should redirect this to epiphany though...
Carlos Garcia Campos
Ok, so the problem is not the DNT header in the end, but the analytics removal ephy does when DNT setting is enabled. So, yes this is definitely an ephy bug.