[Webkit-unassigned] [Bug 199928] New: sessionStorage/localStorage lose data (if followed by window.location.href = ...)

Thu Jul 18 20:16:35 PDT 2019

https://bugs.webkit.org/show_bug.cgi?id=199928

            Bug ID: 199928
           Summary: sessionStorage/localStorage lose data (if followed by
                    window.location.href = ...)
           Product: WebKit
           Version: Safari 12
          Hardware: All
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mail at florian-schoppmann.net

Consider the following code that writes to sessionStorage/localStorage and then immediately sets a new location with an origin different from the current one:

sessionStorage.setItem(key, value);
window.location.href = url;

Now assume that the site at `url` immediately redirects back. Upon redirect, however, sessionStorage.getItem(key) === null.

https://fschopp.github.io/safari-local-storage-bug/ is a test case that reliably shows the bug both with Safari 12.1.1 as well as with Safari on iOS 12.3.1. The test case works as expected in Chrome and Firefox; that is, in the browsers sessionStorage.getItem(key) returns the value that was previously written.

Background: I stumbled across the problem when attempting to store local state during OAuth authentication (as opposed to, say, encoding local state in the OAuth redirect URL).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190719/00436563/attachment-0001.html>