Bug 281385

Summary: Safari 18.0 Browser Extensions Fail to Set Cookies while expirationDate Exists
Product: WebKit Reporter: K <khaledenglish>
Component: WebKit ExtensionsAssignee: Timothy Hatcher <timothy>
Status: RESOLVED FIXED    
Severity: Critical CC: timothy, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 18   
Hardware: All   
OS: macOS 15   
Bug Depends on: 283110    
Bug Blocks:    

K
Reported 2024-10-12 13:12:32 PDT
Starting from Safari 18.0, browser extensions (on iOS, iPadOS, and macOS) cannot set persistent cookies using `browser.cookies.set()` if the parameter `expirationDate` is present. For example, (a) this does not set cookies (the result of `browser.cookies.get("cookie_name")` is null: ============================= browser.cookies.set({ name: "cookie_name", url: "url_string_goes_here", value: "jwt_token_goes_here", domain: "domain_string_goes_here", secure: true, sameSite: "lax", expirationDate: number_of_seconds_to_live }); while (b) this works: ===================== browser.cookies.set({ name: "cookie_name", url: "url_string_goes_here", value: "jwt_token_goes_here", domain: "domain_string_goes_here", secure: true, sameSite: "lax", }); HOWEVER, (b) is now a "session" cookie that cannot be used to save JWTs. The moment the user closes the browser, they need to login again! This problem started from Safari 18.0, and did not exist in Safari 17. The current released of Safari (i.e., 18.0.1) still has this bug. Reference: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies/set
Attachments
Radar WebKit Bug Importer
Comment 1 2024-10-12 13:12:40 PDT
Timothy Hatcher
Comment 2 2024-10-21 17:17:27 PDT
EWS
Comment 3 2024-10-22 06:41:56 PDT
Committed 285552@main (b66e4895df40): <https://commits.webkit.org/285552@main> Reviewed commits have been landed. Closing PR #35559 and removing active labels.
EWS
Comment 4 2024-10-28 15:43:51 PDT
Committed 283286.357@safari-7620-branch (2e81a87a6d53): <https://commits.webkit.org/283286.357@safari-7620-branch> Reviewed commits have been landed. Closing PR #2124 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.