[Webkit-unassigned] [Bug 24987] New: Cookies set to .nhs.uk are blocked/not served
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Apr 1 09:09:43 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=24987
Summary: Cookies set to .nhs.uk are blocked/not served
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
URL: http://talk.nhs.uk
OS/Version: All
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: WebKit API
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: martin.button at button-it.co.uk
.nhs.uk is an exception to the normal domain rules (I believe there are a few
TLD/SLD's that are). .nhs.uk is SLD/TLD but is also the legitimate address of
the NHS website in the UK.
The NHS websites use single sign on by setting a cookie to .nhs.uk. In Safari
3.x this worked fine, in Google Chrome and Safari 4.x the cookies are blocked.
We had the same problem when Firefox went from 2.x to 3.x, Mozilla have now
added an exception to Firefox to allow the .nhs.uk cookies to be set.
The behaviour here can be seen by registering with www.nhs.uk and then once
logged in attempting to browse to talk.nhs.uk. You should still be logged in
but you'll find you are not.
I've raised this with Apple and Google through various channels with little
success yet. Somebody in the Apple forums did suggest though that this was a
WebKit issue which is why I'm posting this here.
Can somebody please confirm if this is something WebKit controls, if it is how
long is it likely to take to get a fix? From there are there any contacts
within Apple/Google we can use to try and get this fix pushed into their
products?
This is quite a big concern as the NHS website is the website for the National
Health Service in the UK. It attracts 1.5 million users per week so the
exposure to this bug will be in the 100's of thousands of users at least when
people start to move to Safari 4 (going by Safari's 10% market share).
Thanks for any assistance offered
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list