[Webkit-unassigned] [Bug 255524] REGRESSION (Safari 16.4): Safari sometimes doesn't send cookies for assets requests and javascript fetch requests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jun 10 19:07:55 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=255524

Adi Putra <adiputraloka at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adiputraloka at gmail.com

--- Comment #56 from Adi Putra <adiputraloka at gmail.com> ---
I encounter this issue as well on iOS 16.5 and am using Laravel.

Maybe more clues for the Apple dev team on this bug's behaviour:

#1
I load the home page and confirm the cookie is set successfully. I add the die, dump, debug call [ddd($request->cookie())] in the middleware to return the cookie value, and I get the correct session cookie id and CSRF token id when I refresh the same page.

Note: I don't remove the ddd function when moving to observation 2.

#2
The problem arises when I move to another page (i.e., login page, about page, etc.). What happens is I get a null value for the session cookie id and CSRF token id. But what happens next may offer a big clue to solving this problem: when I click refresh, I get the correct session cookie id and CSRF token id.

=> So this is what I believe happens to all of us. The cookie is set properly, but when we move to another page (let's call it page 2), the browser returns a null value, and because of this most frameworks will take this as a new session and assign a new session id. However, as shown in observation #2, if I stop the framework from setting a new cookie with the ddd function, on the second refresh on page 2 the browser finally returns the correct session id.

Question for others:
Did you guys manage to circumvent this issue in iOS 16.5 by using this method suggested by others? I tried it by removing the SameSite attribute, but the issue is not resolved :(.

```
It seems to occur when the samesite attribute of Cookie is set to "Lax" in Safari 16.4. If the samesite attribute is not set (not 'none') in my Rails Application, this problem will not occur, but it will occur if it is 'Lax'.
```

-- 
You are receiving this mail because:
You are the assignee for the bug.
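
A server-side way to spot the pattern described in comment #56, as an added example that is not part of the original comment or of WebKit or Laravel code: it scans request records for a client that was issued a session cookie, then sends a request without it, and reports whether the server replaced the session or the original cookie later came back. The `Req` record, its field names, the client keys and the sample log are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Req:
    client: str                # hypothetical stable client key (e.g. device id in a test lab)
    path: str
    cookie_sid: Optional[str]  # session id received in the Cookie header, None if absent
    set_sid: Optional[str]     # session id sent back in Set-Cookie, None if not set

def find_cookie_drops(requests):
    """Flag requests that arrive without a session cookie the client was already issued."""
    held, dropped, findings = {}, {}, []
    for r in requests:
        expected = held.get(r.client)
        if r.cookie_sid is None and expected is not None:
            findings.append(("dropped", r.client, r.path, expected))
            dropped[r.client] = expected
            if r.set_sid and r.set_sid != expected:
                # The server treated the request as a new visitor: old session is lost.
                findings.append(("replaced", r.client, r.path, r.set_sid))
        elif r.cookie_sid is not None and dropped.get(r.client) == r.cookie_sid:
            # Same cookie came back later, so the browser still had it all along.
            findings.append(("recovered", r.client, r.path, r.cookie_sid))
            del dropped[r.client]
        # Track what the browser should now be holding.
        if r.set_sid:
            held[r.client] = r.set_sid
        elif r.cookie_sid:
            held[r.client] = r.cookie_sid
    return findings

# Constructed sample log, in arrival order.
SAMPLE = [
    Req("ios-1", "/", None, "s1"),
    Req("ios-1", "/", "s1", None),
    Req("ios-1", "/login", None, None),   # cookie missing, server sets nothing
    Req("ios-1", "/login", "s1", None),   # refresh: original cookie is back
    Req("ios-2", "/", None, "t1"),
    Req("ios-2", "/about", None, "t2"),   # cookie missing, server issues a new session
    Req("ios-2", "/about", "t2", None),
]

if __name__ == "__main__":
    for finding in find_cookie_drops(SAMPLE):
        print(finding)
```

A "replaced" finding marks the point where a logged-in user would be silently signed out, which is the case worth alerting on in production logs.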