WebKit Bugzilla
NEW
215603
couldn't get cookie by js, and the cookie from a request header which including set-cookie
https://bugs.webkit.org/show_bug.cgi?id=215603
Xin-U, Liu
Reported
2020-08-18 04:52:02 PDT
Created attachment 406777 [details]
my test website page

Hi,
I found a cookie bug whose behavior is weird, and it happens on Safari and Chrome on an iOS device.

current behavior:
1. open Safari, and set the Safari preference "Safari opens with" to "all windows from last session"
2. create a new page like the attachment below
3. create a new tab, then make a request to the server on the page; the server responds with data which includes a set-cookie header like below
`Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict`
and obviously I can read XSRF-TOKEN by calling `document.cookie`
4. close the whole browser by using the shortcut key `command + Q`, and open Safari again
5. then call the request again; the server also responds with data which includes a set-cookie header like below
`Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict`
6. and you will find that js can't read XSRF-TOKEN by calling `document.cookie`

I found that js can't read XSRF-TOKEN because the page was restored from the last session, but js can read XSRF-TOKEN because the page was opened from a whole new tab
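The Set-Cookie header quoted in the report has no HttpOnly attribute, so under the RFC 6265 matching rules a page on that domain is expected to see the cookie in `document.cookie`. The check below is an added example, not part of the original report or of WebKit; the page URLs are constructed, SameSite is not evaluated, and a missing Domain or Path attribute is handled with a simplifying assumption noted in the comments.

```javascript
// Added example: list the reasons a cookie from a Set-Cookie header would be
// hidden from document.cookie on a given page (RFC 6265 domain/path matching).
function parseSetCookie(header) {
  const parts = header.replace(/^set-cookie:\s*/i, "").split(";").map((s) => s.trim());
  const [pair, ...attrs] = parts;
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 5.1.3: identical host, or host is a subdomain of the cookie domain.
function domainMatches(host, domain) {
  const d = domain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// RFC 6265 5.1.4: the cookie path is a prefix ending at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Empty result means script on pageUrl should be able to read the cookie.
// Assumption: with no Domain attribute the response is treated as coming from
// the page's own host, and a missing Path defaults to "/".
function hiddenFromScript(setCookieHeader, pageUrl) {
  const c = parseSetCookie(setCookieHeader);
  const url = new URL(pageUrl);
  const reasons = [];
  if (c.attrs.httponly) reasons.push("HttpOnly");
  if (c.attrs.secure && url.protocol !== "https:") reasons.push("Secure on non-HTTPS page");
  if (typeof c.attrs.domain === "string" && !domainMatches(url.hostname, c.attrs.domain))
    reasons.push("Domain mismatch");
  if (!pathMatches(url.pathname, typeof c.attrs.path === "string" ? c.attrs.path : "/"))
    reasons.push("Path mismatch");
  return reasons;
}

// Header as quoted in the report; the page URL is constructed for illustration.
const REPORTED = "Set-Cookie: XSRF-TOKEN=767e3675-d094-4af5-a9ab-330529151523; " +
  "Domain=fleet.dev.aaa.com; Path=/; Secure; SameSite=Strict";
console.log(hiddenFromScript(REPORTED, "https://fleet.dev.aaa.com/index.html"));
```
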
Attachments
my test website page (324.89 KB, image/png), 2020-08-18 04:52 PDT, Xin-U, Liu
cacocacoon: review-
cacocacoon: commit-queue-
Radar WebKit Bug Importer
Comment 1
2020-08-18 09:21:51 PDT
<rdar://problem/67331868>
John Wilander
Comment 2
2020-08-18 09:57:14 PDT
This sounds like something CFNetwork should look at. Or possibly Chris Dumez with the recent changes to document.cookie.
Xin-U, Liu
Comment 3
2020-08-18 19:02:09 PDT
If calling the same request again, it includes the XSRF-TOKEN cookie, but it does not show in Web Inspector
Xin-U, Liu
Comment 4
2020-08-19 20:47:53 PDT
Comment on attachment 406777 [details]
my test website page

delete
Xin-U, Liu
Comment 5
2020-09-03 03:49:31 PDT
Hi, I was stuck by this issue for a long time. Does anyone have any feedback?
Brady Eidson
Comment 6
2020-09-04 09:38:04 PDT
(In reply to Xin-U, Liu from comment #5)
> Hi,
> I was stuck by this issue for a long time.
> Does anyone have any feedback?

If you had a live test case that worked as expected in another browser but is broken in Safari, that'd go a long way in helping to explore it.