[Webkit-unassigned] [Bug 255524] New: Safari doesn't send cookies for assets requests and javascript fetch requests
bugzilla-daemon at webkit.org
Mon Apr 17 08:20:58 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=255524
Bug ID: 255524
Summary: Safari doesn't send cookies for assets requests and
javascript fetch requests
Product: WebKit
Version: Safari 16
Hardware: All
OS: Other
Status: NEW
Severity: Blocker
Priority: P2
Component: WebKit2
Assignee: webkit-unassigned at lists.webkit.org
Reporter: adrian.kuehni at informaticon.com
CC: kkinnunen at apple.com
On iPads after updating to iPadOS 16.4, Safari often "loses" the session in our web apps.
When the browser downloads JavaScript assets (from <script> tags) or when additional data is fetched by JavaScript (Fetch API), the session cookie with SameSite=Lax is not included in the request.
The Web Server re-issues a new Set-Cookie which Safari uses for future requests on the page (e.g. form submit).
This means that data stored in the cookie, like session id and shopping cart, are lost.
Expected behaviour: Since the domain of the asset/fetch requests is the same as the origin of the page, Safari should include session cookies with SameSite=Lax in those requests too.
Reproduced with:
- iPadOS on Safari 16.4 and 16.4.1
- Safari 16.4, 16.4.1, and 16.5 beta 1 on MacBook
Additional info:
- In Private Browsing this issue doesn't occur.
- Using Google Chrome, the web apps work fine too. Both on iPadOS and on MacBook.
--
You are receiving this mail because:
You are the assignee for the bug.
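A server-side check for the symptom reported above, as an added example that is not part of the bug report: it scans request records in time order and flags same-origin script or fetch requests that arrive without the session cookie the page was loaded with. The cookie name `sid`, the record field names and the sample records are assumptions constructed for illustration; `dest` and `site` stand for logged `Sec-Fetch-Dest` and `Sec-Fetch-Site` values.

```javascript
const SESSION_COOKIE = "sid"; // assumed name of the SameSite=Lax session cookie

// Parse a Cookie request header into a plain object.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// records: request log entries in time order (field names are assumptions).
function findDroppedSessions(records) {
  const pageSid = new Map(); // client -> session id the current page holds
  const findings = [];
  for (const r of records) {
    const sid = parseCookies(r.cookie)[SESSION_COOKIE];
    if (r.dest === "document") {
      // Navigation: remember the session sent, or the one just issued.
      const current = r.setCookieSid || sid;
      if (current) pageSid.set(r.client, current); else pageSid.delete(r.client);
      continue;
    }
    const expected = pageSid.get(r.client);
    if (expected && r.site === "same-origin" && !sid) {
      findings.push({
        client: r.client,
        path: r.path,
        kind: r.dest === "empty" ? "fetch" : r.dest, // fetch() sends dest "empty"
        expected,
        reissued: r.setCookieSid || null,
      });
      // A re-issued session replaces the old one for later requests.
      if (r.setCookieSid) pageSid.set(r.client, r.setCookieSid);
    }
  }
  return findings;
}

// Constructed sample: one client loses its cookie on a script request.
const SAMPLE = [
  { client: "ipad-1", path: "/cart", dest: "document", site: "none", cookie: "sid=aaa111", setCookieSid: null },
  { client: "ipad-1", path: "/assets/app.js", dest: "script", site: "same-origin", cookie: "", setCookieSid: "bbb222" },
  { client: "ipad-1", path: "/api/items", dest: "empty", site: "same-origin", cookie: "sid=bbb222", setCookieSid: null },
  { client: "ipad-1", path: "/checkout", dest: "document", site: "same-origin", cookie: "sid=bbb222", setCookieSid: null },
  { client: "mac-2", path: "/cart", dest: "document", site: "none", cookie: "sid=ccc333", setCookieSid: null },
  { client: "mac-2", path: "/assets/app.js", dest: "script", site: "same-origin", cookie: "sid=ccc333", setCookieSid: null },
];
console.log(findDroppedSessions(SAMPLE));
```

Each finding pairs the session the page held with the one the server re-issued, which is the point at which server-side state such as the shopping cart is lost.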