[Webkit-unassigned] [Bug 219872] All our cookies get randomly deleted from the NSHTTPCookieStorage. Could be a cookie sync issue between NSHTTPCookieStorage and WKHTTPCookieStore.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 14 18:01:26 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=219872

--- Comment #6 from exu at linkedin.com ---
(In reply to John Wilander from comment #3)
> (In reply to exu from comment #0)
> > Summary:
> > All our cookies get randomly deleted from the NSHTTPCookieStorage.
> > We suspect an issue in the cookie sync between NSHTTPCookieStorage and
> > WKHTTPCookieStore on our iOS app. 
> 
> When you say randomly, is that a large random spread such as some deleted
> after a month and some after five minutes?

It’s in the timespan of within a few seconds (sometimes as quick as few 100s of milliseconds).

> 
> > Our investigation: 
> > - This issue happens on more predominantly on iOS 14
> > 
> > - We’ve confirmed that the server is not deleting/resetting cookies, and the
> > cookies are issued by server with attributes Same-Site:None and Secure:Yes.
> 
> Are the servers setting cookies by any chance under so called third-party
> CNAME cloaking? See definition here: https://webkit.org/tracking-prevention/

No. These are first party cookies set for our primary domain and used there. The domain of these cookies is always .myCompany.com or .www.myCompany.com.

> 
> > Our observations:
> > When app users tap for in-app browser with WKWebView, a call from WKWebView
> > to the server is made (either directly or via XMLHttpRequest).  And right
> > after the network call, cookies in NSHTTPCookieStorage are deleted. We
> > suspect there is some bug in the sync between WKHTTPCookieStorage &
> > NSHTTPCookieStorage leading to deletion of cookies from NSHTTPCookieStorage.
> > First call after cold launch either in the app or extension/widget doesn’t
> > contain certain cookies but those cookies magically appear after a few
> > milliseconds and subsequent network calls do contain these cookies.
> 
> Are these other cookies or are these the cookies you refer to as deleted?
> Basically, do you mean deleted as in will never come back or as in just not
> available right away?

This is a totally unrelated issue. Some cookies in NSHTTPCookieStorage seem to appear later only on process start (ie. the 1st call will miss them but subsequent calls will have them). This is not consistently reproducible.

> 
> > Question:
> > - When the cookies are getting deleted from WKWebView, the cookies from the
> > NSHTTPCookieStorage are also deleted. Is this expected?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201215/48a2452b/attachment.htm>

More information about the webkit-unassigned mailing list