Bug 212261
| Summary: | Cookie SameSite option ignored if expires exceeds 7 days | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Alexander Osin <alexander.osin> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED MOVED | ||
| Severity: | Normal | CC: | beidson, bfulgham, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 13 | ||
| Hardware: | Unspecified | ||
| OS: | macOS 10.15 | ||
Alexander Osin
Hello Webkit,
If I set cookie with 'expires' option set to 7 days from now, 'SameSite' option appears to be set as 'Strict'.
document.cookie = "test1=value;expires="+new Date(Date.now() + (7 * 24 * 60 * 60 * 1000)).toGMTString()+';secure;SameSite=Strict;';
If I set 'expires' option to something far from 7 days limit, 'SameSite' option appears as '---', despite it's being provided.
document.cookie = "test2=value;expires="+new Date(Date.now() + (365 * 24 * 60 * 60 * 1000)).toGMTString()+';secure;SameSite=Strict;';
Thank you,
Alexander
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/63603775>
Brent Fulgham
The fix for this issue was needed outside the WebKit project, therefore this is being resolved as 'Moved'.
The fixed component is shipping in all current releases.