[Webkit-unassigned] [Bug 24987] New: Cookies set to .nhs.uk are blocked/not served

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 1 09:09:43 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=24987

           Summary: Cookies set to .nhs.uk are blocked/not served
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://talk.nhs.uk
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: WebKit API
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: martin.button at button-it.co.uk


.nhs.uk is an exception to the normal domain rules (I believe there are a few
TLD/SLD's that are). .nhs.uk is SLD/TLD but is also the legitimate address of
the NHS website in the UK. 

The NHS websites use single sign on by setting a cookie to .nhs.uk. In Safari
3.x this worked fine, in Google Chrome and Safari 4.x the cookies are blocked.
We had the same problem when Firefox went from 2.x to 3.x, Mozilla have now
added an exception to Firefox to allow the .nhs.uk cookies to be set.

The behaviour here can be seen by registering with www.nhs.uk and then once
logged in attempting to browse to talk.nhs.uk. You should still be logged in
but you'll find you are not.

I've raised this with Apple and Google through various channels with little
success yet. Somebody in the Apple forums did suggest though that this was a
WebKit issue which is why I'm posting this here.

Can somebody please confirm if this is something WebKit controls, if it is how
long is it likely to take to get a fix? From there are there any contacts
within Apple/Google we can use to try and get this fix pushed into their
products?

This is quite a big concern as the NHS website is the website for the National
Health Service in the UK. It attracts 1.5 million users per week so the
exposure to this bug will be in the 100's of thousands of users at least when
people start to move to Safari 4 (going by Safari's 10% market share).

Thanks for any assistance offered


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list