I'm going to temporarily make the assertion wrong so this can be investigated separately from the "secure" flag bug (https://bugs.webkit.org/show_bug.cgi?id=171700). The test fix for that exposed this unexpected failing test assertion.
Committed r216272: <http://trac.webkit.org/changeset/216272>
Un-closing, going to track the fix here too.
Looks like another round tripping issue: (lldb) po cookie <NSHTTPCookie version:1 name:"OtherCookieName" value:"OtherCookieValue" expiresDate:(null) created:2017-05-05 21:18:10 +0000 sessionOnly:TRUE domain:".www.w3c.org" partition:"none" path:"/path" isSecure:TRUE> (lldb) po cookie2.get() <NSHTTPCookie version:0 name:"OtherCookieName" value:"OtherCookieValue" expiresDate:2017-05-06 00:04:50 +0000 created:2017-05-05 21:18:10 +0000 sessionOnly:FALSE domain:".www.w3c.org" partition:"none" path:"/path" isSecure:FALSE> Also note that the expires date is getting dropped, afaict. Is that something we are supposed to preserve?
I think it's sessionOnly if it doesn't have an expiresDate... then the expiration date is when you close the browser.
The NS equivalent here is NSHTTPCookieDiscard: https://developer.apple.com/reference/foundation/nshttpcookiediscard "String value must be either "TRUE" or "FALSE". This cookie attribute is optional. The default is "FALSE", unless this cookie is version 1 or greater and a value for NSHTTPCookieMaximumAge is not specified, in which case it is assumed to be "TRUE"."
(In reply to Brian Burg from comment #5) > The NS equivalent here is NSHTTPCookieDiscard: > > https://developer.apple.com/reference/foundation/nshttpcookiediscard > > "String value must be either "TRUE" or "FALSE". This cookie attribute is > optional. The default is "FALSE", unless this cookie is version 1 or greater > and a value for NSHTTPCookieMaximumAge is not specified, in which case it is > assumed to be "TRUE"." Ignore the discard thing, I think.
(In reply to Michael Catanzaro from comment #4) > I think it's sessionOnly if it doesn't have an expiresDate... then the > expiration date is when you close the browser. Michael is right. If it has an expires date, it's a persistent cookies. If it doesn't, it's session.
Yah, the test does the discard thing, but in reality having an expires date is what defines session or not.
Except the docs say: "A boolean value that indicates whether the receiver should be discarded at the end of the session (regardless of expiration date)." lol wut.
<rdar://problem/32027327>
Created attachment 309232 [details] Patch
Comment on attachment 309232 [details] Patch Clearing flags on attachment: 309232 Committed r216292: <http://trac.webkit.org/changeset/216292>
All reviewed patches have been landed. Closing bug.