Summary: | [GTK] setting document.cookie from same domain in private mode overwrites previous value set in another webview | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Jérémy Lal <kapouer> | ||||||
Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> | ||||||
Status: | NEW --- | ||||||||
Severity: | Normal | CC: | bugs-noreply, cgarcia, danw, dbates, gustavo, mcatanzaro, svillar | ||||||
Priority: | P2 | ||||||||
Version: | 528+ (Nightly build) | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Linux | ||||||||
Attachments: |
|
Description
Jérémy Lal
2015-06-07 02:09:14 PDT
> I expected cookie to be 'sid=firstcookie', especially in private mode.
> Am i wrong ?
I think cookies should never leak out of private mode. :(
Still happening with webkit2gtk up to 2.10.3 Oh, you're using the enable-private-browsing setting... Carlos, is that setting supposed to be exposed? In Epiphany we implement private browsing by using a separate profile directory and deleting the directory when we're done. I'm rather concerned that we have this setting if it doesn't work reliably. I've seen private browsing-related bugs fixed in Mac-specific ways in the past, which I thought was fine because I didn't realize we exposed this mode. I thought someone would come and tell me "you did not enable private browsing so it's not a bug" - so i enabled the option, but you'll get the same result without it. Created attachment 283316 [details]
client test with a new context
There was a bug in the test itself (the second view was used to load the first page). However, fixing that bug without setting a new context on each view does not isolate cookies.
So i finally understood how to isolate cookies by setting a new context for each new view. So the only "bug" left is the fact "private mode" setting is misleading, and should be dropped and replaced by proper use of context (?). |