Bug 23520
| Summary: | Webkit does not properly handle cookies set by Bonjour sites using http response | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Yuan Qi <webkitbugs.3.maxchee> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | UNCONFIRMED | ||
| Severity: | Normal | CC: | cjf1856 |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.5 | ||
Yuan Qi
This bug can be reproduced on Safari 3.2.1 and WebKit r40102
This bug can only be reproduced by accessing the Bonjour site through its bonjour URL, but not when it's accessed through its IP address
This bug can only be reproduced when the cookie is set through a http response, but not when it's set through Javascript
I noticed two related issues:
1. When WebKit is set to ignore 3rd party cookies, the cookie is not stored at all
2. When WebKit is set to accept all cookies, the cookies is stored, but cannot be read
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Yuan Qi
Part of the HTTP response:
Set-Cookie sysauth=B5DA660A48613C990A9CE1BF512A01F2; path=/cgi-bin/luci/;stok=3A937557FC795C29CC1768A60ACFAC1E
Notice that path="/cgi-bin/luci/;stok=3A937557FC795C29CC1768A60ACFAC1E"
Christopher Febles
I have seen this same issue here at the University of Rochester. We are setting our cookie through an HTTP Response, and have the same behavior that this bug is reporting. We are not using a Bonjour site, however, but the behavior is the same.
I started a discussion thread here that led me to this bug: http://discussions.apple.com/thread.jspa?messageID=8987685
Christopher Febles
This bug is present in Safari 3.2.1 on Mac, but not present in Safari 3.2.1 on Windows, and not present in Safari 3.1.1 on Mac. This bug is present in the nightly build of WebKit, 40884.
This is a regression bug.
Yuan Qi
Are you able to workaround your bug by accessing the website through its IP address? If not then we are looking at different bugs.
This bug may be related to CFNetwork. It is NOT fixed by Apple Security Update 2009-001, which fixes a non-security-related bug affecting HTTP cookies.
Christopher Febles
I cannot workaround this bug by accessing the website through it's ip address, because of the way the site is designed.
We have a mainframe program that sets the cookies which are then read by the client. So accessing the site via it's IP doesn't change the source address of the mainframe cookies.
If you believe that these are unrelated issues, I can create another bug report.