[Webkit-unassigned] [Bug 233128] Navigation from CodePen iframe to CodePen top frame makes CodePen servers think the user is not logged in

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 15 16:00:34 PST 2021


Chris Coyier <chriscoyier at gmail.com> changed:

           What    |Removed                     |Added
                 CC|                            |chriscoyier at gmail.com

--- Comment #1 from Chris Coyier <chriscoyier at gmail.com> ---
Thanks so much for opening this John! Indeed this is a weird bug we've been trying to track down without luck so far. To answer the questions....

1) They are definitely logged out. There is a cookie called `cp_session` that just gets wiped out after the link click. https://d.pr/i/bVoA1A

2) Yeah there is no need to attempt to see if a user is logged in or not with the embed itself.

3) Looks like SameSite = Lax (is this the culprit?)

4) No ServiceWorkers in use.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211116/f9090eb1/attachment.htm>

More information about the webkit-unassigned mailing list