[Webkit-unassigned] [Bug 219650] Cookies set with SameSite=Lax are not sent during redirects in Safari
bugzilla-daemon at webkit.org
Fri Feb 19 11:24:47 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=219650
Chris A <cpanderson at mac.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |cpanderson at mac.com
--- Comment #3 from Chris A <cpanderson at mac.com> ---
I can confirm this issue. Lax session cookie not returned by Safari. Setting to None ok. Confirmed on macOS and iOS/iPadOS latest stable releases as of today.
Found this issue while implementing a Stripe Checkout page. Stripe Checkout is a Stripe-hosted checkout page where you click a link on your site and it takes you to Stripe in the same tab and not in an iframe. You provide a link back to your site for the "cancel_url".
Clicking the cancel url takes you back to your site, but the session id is empty and the user is redirected to reauthenticate. If you then open the cancel_url via the address bar instead of signing in again, Safari finds the cookie and reauthenticates you.
If you click the cancel_url on the Stripe Checkout page in a new tab, Safari sends the session cookie. If you click the Safari back button, it works as well.
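
To check the behaviour reported above without a Stripe account, the following added example (not part of the bug report and not WebKit or Stripe code) is a minimal local server that sets a session cookie with a chosen SameSite mode and reports whether the browser sends it back on the return hop. The cookie name `sid`, the paths `/login` and `/cancel`, and port 8000 are assumptions; the cross-site hop has to come from a page on a different site that links to `/cancel`.

```python
# Added repro harness (constructed; cookie name, paths and port are assumptions).
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
import secrets
import sys

COOKIE_NAME = "sid"  # hypothetical session cookie name

def session_cookie(value, samesite="Lax"):
    """Build a Set-Cookie value for the session with the given SameSite mode."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = value
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["httponly"] = True
    jar[COOKIE_NAME]["samesite"] = samesite
    if samesite == "None":
        jar[COOKIE_NAME]["secure"] = True  # browsers reject SameSite=None without Secure
    return jar[COOKIE_NAME].OutputString()

def session_from_request(cookie_header):
    """Return the session id from a Cookie request header, or None if it is absent."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None

def describe_return(cookie_header, referer):
    """One log line for the return hop: was the cookie sent, and where did we come from?"""
    sid = session_from_request(cookie_header)
    state = "cookie present" if sid else "cookie MISSING"
    return f"{state}; referer={referer or '-'}"

class Handler(BaseHTTPRequestHandler):
    mode = "Lax"  # SameSite mode under test, overridden from the command line

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        if self.path == "/login":  # step 1: visit directly to receive the cookie
            self.send_header("Set-Cookie", session_cookie(secrets.token_urlsafe(16), self.mode))
            body = f"session cookie set with SameSite={self.mode}\n"
        else:  # step 2: arrive here (e.g. /cancel) by clicking a link on another site
            body = describe_return(self.headers.get("Cookie"), self.headers.get("Referer")) + "\n"
        self.end_headers()
        self.wfile.write(body.encode())

if __name__ == "__main__":
    Handler.mode = sys.argv[1] if len(sys.argv) > 1 else "Lax"
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

Because `SameSite=None` is only accepted together with `Secure`, run the `None` comparison behind HTTPS.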