[Webkit-unassigned] [Bug 145734] New: [GTK] setting document.cookie from same domain in private mode overwrites previous value set in another webview

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jun 7 02:09:14 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=145734

            Bug ID: 145734
           Summary: [GTK] setting document.cookie from same domain in
                    private mode overwrites previous value set in another
                    webview
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: kapouer at melix.org

Created attachment 254434
  --> https://bugs.webkit.org/attachment.cgi?id=254434&action=review
test.cc and server.js to reproduce

Hi,

if i do this:

```
load blank page in private webview http://localhost:40001/one
page change http://localhost:40001/one 0 
page change http://localhost:40001/one 2 
page change http://localhost:40001/one 3 
set cookie by running script on page http://localhost:40001/one
document.cookie = 'sid=firstcookie; Path=/';
loading blank page in another private webview http://localhost:40001/two
page change http://localhost:40001/two 0 
page change http://localhost:40001/two 2 
page change http://localhost:40001/two 3 
set cookie by running script on page http://localhost:40001/two
document.cookie = 'sid=secondcookie; Path=/';
load actual page1 content with script that do a xhr GET request to /xhr (need a http server)
page change http://localhost:40001/one 0 
page change http://localhost:40001/one 2 
page change http://localhost:40001/one 3 
```

then the HTTP server receives a request to http://localhost:40001/xhr with these headers:

```
{ host: 'localhost:40001',
  referer: 'http://localhost:40001/one',
  'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/601.1 (KHTML, like Gecko) Version/8.0 Safari/601.1',
  accept: '*/*',
  'accept-encoding': 'gzip, deflate',
  'accept-language': 'fr-fr',
  connection: 'Keep-Alive',
  cookie: 'sid=secondcookie' }
```

I expected cookie to be 'sid=firstcookie', especially in private mode.
Am i wrong ?

I attach actual code to reproduce with webkit2gtk 2.8 or 2.9 (and probably 2.6 too).
The server part is a nodejs script but any other server is good.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150607/32e61cde/attachment.html>

More information about the webkit-unassigned mailing list