RESOLVED FIXED Bug 3420
XMLHttpRequest does not handle set-cookie headers 
https://bugs.webkit.org/show_bug.cgi?id=3420
Summary XMLHttpRequest does not handle set-cookie headers
John Sullivan
Reported 2005-06-10 13:46:51 PDT
This is also in Radar as <rdar://problem/4079527> When sending a login POST to a website with an XMLHttpRequest object in JavaScript, the expected behavior is the creation of a cookie that is reusable later (and ideally reusable by Safari when it directly hits the same domain). However, that does not happen. It appears that XMLHttpRequest is not handing the set-cookie headers that come back from such an action. Attached cookiebug.zip. It's a teardown of a 3rd-party Dashboard widget. To reproduce: 0) Turn off popup blocking. 1) Load CRSX.html. Username is dashboard, password 'tiger' 2) click "Log in normally" you'll be redirected to forums.clubrsx.com. Notice that the front page says "Welcome, dashboard", acknowledging you've logged in. 3) Reload CRSX.html and click the "Clear all cookies" link to start over. 4) Log in again this time using the "Log in using XMLHttpRequest" link The debug div will walk through the submission of the post. The login confirmation from the server will appear as a popup and you'll see the debug div throw out the set-cookie headers that the XMLHttpRequest received. It will also send a 2nd request to the forum FAQ page, which should have a div saying "Welcome, dashboard" assuming the session was persisted. It does not. You can also confirm that cookies.xml has none of the entries listed in the debug div. You can also to go clubrsx.com in a new window after the XMLHttpRequest login and see that it does not recognize that you've logged in.
Attachments
test case (3.79 KB, patch)
2007-01-03 06:39 PST, Alexey Proskuryakov 		darin: review+
DetailsFormatted DiffDiff
fix the test (1.35 KB, patch)
2007-01-05 11:40 PST, Alexey Proskuryakov 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
John Sullivan
Comment 1 2005-06-10 13:47:24 PDT
Created attachment 2227
John Sullivan
Comment 2 2005-06-23 09:28:35 PDT
Comment on attachment 2227 Removed attachment as it contained login information.
Alexey Proskuryakov
Comment 3 2007-01-03 06:39:34 PST
Created attachment 12186 [details] test case I cannot reproduce this problem with shipping Safari or TOT. Here is a test case, since we didn't have this behavior covered.
Alexey Proskuryakov
Comment 4 2007-01-03 11:35:52 PST
Test committed revision 18549.
Mark Rowe (bdash)
Comment 5 2007-01-03 18:10:05 PST
I'm seeing this test failing locally in a debug build of r18568. --- /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/LayoutTests/http/tests/xmlhttprequest/cookies-expected.txt 2007-01-04 10:51:32.000000000 +1100 +++ /tmp/layout-test-results/http/tests/xmlhttprequest/cookies-actual.txt 2007-01-04 12:57:04.000000000 +1100 @@ -1,4 +1,4 @@ Tests for bug 3420: XMLHttpRequest does not handle set-cookie headers. -SUCCESS +FAIL: the cookie was not set
Alexey Proskuryakov
Comment 6 2007-01-04 02:06:37 PST
Could you please tell more about the failure? 1. Is this on Tiger or Leopard? 2. Does this test fail with shipping Safari? 3. Does it fail with a nightly build (without DRT)?
Mark Rowe (bdash)
Comment 7 2007-01-04 16:48:46 PST
I'm on Tiger. I've narrowed the problem down somewhat -- the test fails when the URL is <http://127.0.0.1:8000/xmlhttprequest/cookies.html>, but passes when it is <http://localhost:8000/xmlhttprequest/cookies.html>. The same behaviour occurs in DRT, Safari with WebKit 418.9.1, and Safari with ToT WebKit.
Alexey Proskuryakov
Comment 8 2007-01-05 11:40:04 PST
Created attachment 12241 [details] fix the test The test failed if there were other cookies already present for 127.0.0.1. I accounted for that in .html, but not in .cgi; fixed.
Darin Adler
Comment 9 2007-01-05 11:40:56 PST
Comment on attachment 12241 [details] fix the test r=me
Alexey Proskuryakov
Comment 10 2007-01-05 11:43:05 PST
Committed revision 18620.
Note You need to log in before you can comment on or make changes to this bug.