[Webkit-unassigned] [Bug 129946] Regression: Session Cookies dropped from Application Cache (Appcache) Manifest Request

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 28 19:53:58 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=129946


gbaker <foobar22 at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |foobar22 at hotmail.com




--- Comment #3 from gbaker <foobar22 at hotmail.com>  2014-03-28 19:54:17 PST ---
If SessionCookie is not sent to the server then how is anyone supposed to use AppCache for authenticated users?

The assumption that you are making is that the page in AppCache is landing page, sadly for my case that's not the case. Here is our login flow looks like.

1. If User is not authenticated:
Navigate to http://FooBar.com -> 302 to auth page -> after auth 302 to http://FooBar.com/userName (and this page is in AppCache) -> Use window.history.replaceState({}, "Title", "/")

2. If User is already authenticated
Navigate to http://FooBar.com -> 302 to http://FooBar.com/userName (and this page is in AppCache) -> Use window.history.replaceState({}, "Title", "/") so that to user URL does not contain userName.

BTW, even if user loads http://FooBar.com, we do verify that he/she is logged in so there is no real issue of un-intended access (after all any data access will require authentication).

But now this flow has broken for us. It's only Safari that's broken, all other browsers work just fine.

If you think sending SessionCookie is wrong, then please work with Standards committee to change this behavior, but plesae-plesae do not come up with interpretation of the standard that's different from other browsers.

Thanks

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list