Bug 169173 - Safari is omitting cookies when sending a web request
Summary: Safari is omitting cookies when sending a web request
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: Safari 10
Hardware: Macintosh OS X 10.11
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-03-04 12:29 PST by Jan Hajek
Modified: 2017-06-17 15:04 PDT (History)
6 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Hajek 2017-03-04 12:29:47 PST
When I set multiple (3 or more) large cookies - with 3000 bytes content each, the browser only appears to send the first two and omits the third and the rest. This is currently happening in Safari on Mac and iPhone as well, while when using Chrome on Mac - this works fine, same for Microsoft Edge, Chrome, and other browsers on Windows. This is an issue for example when building an ASP.NET Core web application which uses cookies to store user's identity and can have potentially bad effect on more applications. I managed to successfully reproduce the issue without ASP.NET Core.

I haven't been able to find anything in the documentation about the cookies being omitted when the total is larger then certain size or so.
Comment 1 Radar WebKit Bug Importer 2017-03-04 15:51:56 PST
<rdar://problem/30853509>
Comment 2 Jan Hajek 2017-03-05 03:44:24 PST
Does this have anything to do with nginx's default configuration of large_client_header_buffers to allow maximum of 8kB in headers? http://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers
Comment 3 Geoffrey Garen 2017-03-27 16:12:30 PDT
Can you upload a test case or provide a link to a test case that demonstrates this issue?
Comment 4 Jan Hajek 2017-03-28 00:37:28 PDT
Alright - when you visit http://hajekj-cookietest.azurewebsites.net/ - the site is going to set 4 cookies named cookie-1 to cookie-4, each of 3978 bytes in size. When you refresh the page, it is going to show the cookies the server received and in case when you use Safari, only 2 cookies will be shown - cookie-1 and cookie-2, the rest is missing. From developer tools, it will show that there are 4 cookies in the browser memory.

The script for this demo is in PHP, and is like this:

```php
<?php
function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}

for($i = 0; $i < 4; $i++) {
    setcookie("cookie-$i", generateRandomString(3970));
}
echo "<pre>";
print_r($_COOKIE);
```
Comment 5 Jan Hajek 2017-06-14 23:27:02 PDT
Hi, are there any updates on this?
Comment 6 Brady Eidson 2017-06-15 12:03:20 PDT
(In reply to Jan Hajek from comment #5)
> Hi, are there any updates on this?

WebKit doesn't handle cookies on network requests itself - It relies on platform libraries beneath it.

In the case of Mac/iOS WebKit, this means CFNetwork which is a proprietary project at Apple. Which also means the WebKit project can't comment on it.

Let me ask you this, though - Have you had a chance to try with the High Sierra and/or iOS 11 developer betas?

If not because you're not a registered developer, I strongly suggest you try with the first public betas once they come out.
Comment 7 Jan Hajek 2017-06-16 11:16:11 PDT
I will be able to try tomorrow on iOS 11. If it is the issue with CFNetwork, where would I go to report and sort such thing?
Comment 8 Brady Eidson 2017-06-16 11:26:59 PDT
(In reply to Jan Hajek from comment #7)
> I will be able to try tomorrow on iOS 11. 

Great!

> If it is the issue with CFNetwork, where would I go to report and sort such thing?

https://developer.apple.com/bug-reporting/
https://bugreport.apple.com/

Once a radar is filed, please mention it here so we can link the issues internally.
Comment 9 Jan Hajek 2017-06-16 13:02:18 PDT
Link to the bug report: https://bugreport.apple.com/web/?problemID=32821328
Comment 10 Jan Hajek 2017-06-17 07:38:58 PDT
I just checked and it seems to be working fine in Safari on iOS 11.
Comment 11 Brady Eidson 2017-06-17 15:04:14 PDT
(In reply to Jan Hajek from comment #10)
> I just checked and it seems to be working fine in Safari on iOS 11.

👍