[Webkit-unassigned] [Bug 228321] New: Updated cookie received in XHR response’s Set-Cookie header, is not getting supplied into sub-sequent requests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 27 05:42:17 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=228321

            Bug ID: 228321
           Summary: Updated cookie received in XHR response’s Set-Cookie
                    header, is not getting supplied into sub-sequent
                    requests
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: iPhone / iPad
                OS: iOS 14
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rahul.jain at impetus.co.in
                CC: kkinnunen at apple.com

Issue Summary: 

Updated cookie received in XHR response’s Set-Cookie header, is not getting supplied into sub-sequent requests.

Description:

When updated cookie is being received in XHR (AJAX) Set-Cookie response header, its value is not getting updated in the existing cookie. The next request always uses the stale cookie due to that facing issues with SSO login.

Steps to reproduce:

1.      Create a Cordova app using WKWebView
2.      Launch the app with HTML page which executes the HTTP request and sends a set-cookie in response header with cookie as “MyCookie=test1”
3.      Upon completion of HTTP request, redirect at URL which executes the XHR request and send the updated cookie as “MyCookie=test2” in response header. Note that- cookie received in earlier request is not getting supplied with the XHR redirected request
4.      Again execute another XHR request, note that- No cookie is getting supplied with XHR request (Neither Stale nor updated cookie)

Expected Outcome: The cookie received in Set-Cookie header must be supplied with the sub-sequent each type of requests.

Cookie Information:

•       Cookie domain is same (No cross domain)
•       Cookie is HTTP Only and Secure 

Device details:

User-Agent : Mozilla/5.0 (iPhone; CPU iPhone OS 14_4_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 (4395668016)
iOS version : iOS 14.4.2

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210727/3a55a014/attachment.htm>

More information about the webkit-unassigned mailing list