[Webkit-unassigned] [Bug 255524] REGRESSION (Safari 16.4): Safari sometimes doesn't send cookies for assets requests and javascript fetch requests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 21 07:21:16 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=255524

Arjan <a.wind at cerus.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |a.wind at cerus.nl

--- Comment #68 from Arjan <a.wind at cerus.nl> ---
Created attachment 467085

  --> https://bugs.webkit.org/attachment.cgi?id=467085&action=review

An image of the cookies that should all be present

This bug is not resolved as the problem still exists in Safari Version 16.5.2 (18615.2.9.11.10). Actually; I just stumbled on this bug when investigating an issue with assets sometimes not loading causing errors in our web application. Some assets called by a <script src=..> tag are rendered bij ASP.NET MVC Controllers. Their output (JavaScript) is used in the web application. These assets can't be cached, because it might contain download tokens or server side settings which may change over time.

What I discovered was that the assets were not loading correctly because sometimes after a few clicks / navigating in the web application, the assets were loaded with just 4 of the 7 cookies that should be sent. 3 cookies are lost, including the authenticated session. I've attached an image with the cookies (and their configuration) that should be present with all calls to the server. However the ones with a red square before them (sorry for my drawing skills) are the ones that get lost from time to time (all having some value in SameSite).

The times that not all cookies are sent to the server are just random. It's possible that it works like 7-8 times with all the cookies sent and the 9th time the 3 cookies are lost. Then the user is logged out in our controller (causing the errors when loading the assets and resetting the session). All within a timespan of seconds to minutes. This problem only exists in Safari and it keeps happening after multiple clicks/navigating from page to page.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230721/bcdc7d1a/attachment.htm>

More information about the webkit-unassigned mailing list