[Webkit-unassigned] [Bug 233128] Navigation from CodePen iframe to CodePen top frame makes CodePen servers think the user is not logged in
bugzilla-daemon at webkit.org
Mon Nov 15 16:00:34 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=233128
Chris Coyier <chriscoyier at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |chriscoyier at gmail.com
--- Comment #1 from Chris Coyier <chriscoyier at gmail.com> ---
Thanks so much for opening this, John! Indeed, this is a weird bug we've been trying to track down without luck so far. To answer the questions...
1) They are definitely logged out. There is a cookie called `cp_session` that just gets wiped out after the link click. https://d.pr/i/bVoA1A
2) Yeah there is no need to attempt to see if a user is logged in or not with the embed itself.
3) Looks like SameSite = Lax (is this the culprit?)
4) No ServiceWorkers in use.