[Webkit-unassigned] [Bug 255524] REGRESSION (Safari 16.4): Safari sometimes doesn't send cookies for assets requests and javascript fetch requests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jun 10 20:17:32 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=255524

--- Comment #57 from Adi Putra <adiputraloka at gmail.com> ---
(In reply to Adi Putra from comment #56)
> I encounter this issue as well on ios 16.5 and am using laravel
> 
> Maybe more clue for the Apple dev team on this bug behaviour
> 
> #1 
> I load the home page and confirm the cookie is set successfully. I add the
> die,dump,debug [ddd($request->cookie())] in the middleware to return the
> cookie value and i got correct session cookie id and csrf token id when i
> refresh the same page. 
> 
> Note: i dont remove the ddd function when moving to observation 2
> #2
> Problem arise when I move to other page (i.e., login page, about page or
> etc). What happen is i got null value for the session cookie id and csrf
> token id. But what happen next maybe offer a big clue to solve this problem
> as when i click refresh, i get the correct session cookie id and csrf token
> id.
> 
> => so this is what i believe happen to all of us. cookie is set properly but
> when we move to another page (let call it page 2). the browser return null
> value and because of this most framework will take this as new session and
> assign new session id. However as shown in observation #2, if i stop the
> framework from setting new cookie from the ddd function, on second refresh
> on page 2, the browser finally return correct session id
> 
> Question for others:
> did you guys managed to circumvent this issue in ios 16.5 by using this
> method suggested by others as i try it by removing samesite attribute but
> issue is not resolved :(.
> 
> ```
> It seems to occur when the samesite attribute of Cookie is set to "Lax" in
> Safari 16.4. If the samesite attribute is not set (not 'none') in my Rails
> Application, this problem will not occur, but it will occur if it is 'Lax'.
> ```

To make it clear when i mention i got null for session id, my web framework detect there is a cookie send by safari but the value is null

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230611/fea2d7ec/attachment.htm>

More information about the webkit-unassigned mailing list