[Webkit-unassigned] [Bug 129946] Regression: Session Cookies dropped from Application Cache (Appcache) Manifest Request
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 12 15:49:56 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=129946
--- Comment #2 from ray <mihir.ray at gmail.com> 2014-03-12 15:49:49 PST ---
(In reply to comment #1)
> This sounds like correct behavior to me - we shouldn't be storing content that's specific to a particular
> login session persistently. The user could log in to a different account next time.
>
> Furthermore, we shouldn't be sending persistent cookies or credentials either, it's a bug if we do.
Are you saying manifests cannot be dependent on session cookies (or any cookies)? There may be merit to this argument, but I do not see anything in the standard to suggest it (?).
In fact, I think there are very good reasons other browsers do not do things that way (including prior versions of Safari!).
Consider forms-based authentication mechanisms, which generate an authentication token in the form of a cookie. By not sending this token with the manifest request, you are effectively demanding anonymous access to the manifest resource, are you not?
As a second example, imagine a web site where 99% of traffic represents repeat visits from the same user from the same user agent. It seems entirely inappropriate for the browser to prevent the site's developers from optimizing this case and gracefully degrading the experience (out of the app-cache) for the 10% case.
There are many other scenarios.
This appears to be a serious regression in Safari 7.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list