[Webkit-unassigned] [Bug 233128] Navigation from CodePen iframe to CodePen top frame makes CodePen servers think the user is not logged in

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=233128

Chris Coyier <chriscoyier at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chriscoyier at gmail.com

--- Comment #1 from Chris Coyier <chriscoyier at gmail.com> ---
Thanks so much for opening this John! Indeed this is a weird bug we've been trying to track down without luck so far. To answer the questions....

1) They are definitely logged out. There is a cookie called `cp_session` that just gets wiped out after the link click. https://d.pr/i/bVoA1A

2) Yeah there is no need to attempt to see if a user is logged in or not with the embed itself.

3) Looks like SameSite = Lax (is this the culprit?)

4) No ServiceWorkers in use.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211116/f9090eb1/attachment.htm>