[Webkit-unassigned] [Bug 247482] New: Cleared cookie still appears in document.cookie

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 4 04:49:59 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=247482

            Bug ID: 247482
           Summary: Cleared cookie still appears in document.cookie
           Product: WebKit
           Version: Safari 15
          Hardware: All
                OS: macOS 12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: petr.hurtak at gmail.com

When you clear cookie (using regular Set-Cookie header with expiration in the past) with different configuration than how you set the cookies (HttpOnly configuration in our case), the cookie does not get cleared in the document.cookie JS API.

This is what happens:
- JavaScript document.cookie still has the unset cookies (incorrect)
- HTTP Cookie header is not sending the unset cookies (correct)
- When opening the same URL to new window, the document.cookie does not have the unset cookies (correct)

Repro example
- First set cookie with header `Set-Cookie: test=yes; Max-Age=1000000; path=/`
- Observe that 
  - document.cookie has `test` cookie
  - Cookie header sends `test` cookie
- Then clear cookie with header `Set-Cookie: test=deleted; Max-Age=0; path=/; HttpOnly;` < notice the extra HttpOnly settings
- Observe that 
  - document.cookie still has `test` cookie (incorrect)
  - Cookie header does not send `test` cookie (correct)
  - When opening new tab on the same URL, the document.cookie does NOT have `test` cookie (correct)

Video how it looks like: https://twitter.com/PetrHurtak/status/1588466286191063042

Reproduction example repository: https://github.com/Hurtak/safari-redirect-cookies-test

I am able to reproduce this on
- MacOS Safari 15.5
- MacOS Safari Technology Preview 16.4
- iOS 16 Safari

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221104/dafb2e82/attachment-0001.htm>

More information about the webkit-unassigned mailing list