[Webkit-unassigned] [Bug 272968] New: Error during the third party cookies request (StorageAccess API)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 19 02:42:54 PDT 2024 

https://bugs.webkit.org/show_bug.cgi?id=272968

            Bug ID: 272968
           Summary: Error during the third party cookies request
                    (StorageAccess API)
           Product: WebKit
           Version: Safari 17
          Hardware: iPhone / iPad
                OS: iOS 17
            Status: NEW
          Severity: Major
          Priority: P2
         Component: WebKit API
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: matteo.resconi at megaitaliamedia.it

Created attachment 471005

  --> https://bugs.webkit.org/attachment.cgi?id=471005&action=review

Attached I leave my code.php file and a video of the problem

Steps to reproduce the problem

We're an elearning company named Mega Italia Media S.P.A (https://www.megaitaliamedia.com/) and we have to use the third party cookies PHPSESSID inside an iframe. More specifically we need to use the variable $_SESSION inside the iframe itself.

Here I leave all the steps you need to follow to reproduce the problem:

1. Navigate at the following link "https://megameet.live/it/google-test-iframe/"
2. The page starts working immediatly and you'll be able to read all the steps the code is executing
3. The iframe needs access to the third party cookies. The code verifies if the iframe has access or not. If not the "REQUEST COOKIE ACCESS" will be shown and the user needs to click on it to grant the access.
4. The code will finally tell you if all is working or if there is an error

---

Problem Description

After enabling the "Allow Cross-Website tracking" option in iOS's Chrome settings, the problem persists.

You can see the problem if you launch this url "https://megameet.live/it/google-test-iframe/" inside the Chrome application of an IOS iPhone or iPad. Basically at the onload of the page, the code control if there is a special $_GET param and, if is not present, a random value with the "rand()" function of PHP will be generated and assigned at $_SESSION variable. After a few seconds the page will be reloaded with the special $_GET param (that is the random value assigned before) and the code will check if the $_SESSION variable value is equal to the $_GET special param value. If that is the case, the code worked properly, otherwise the "REQUEST COOKIE ACCESS" button will be exposed and when the user click on it the requestStorageAccess() method will be called and the page will be reloaded again after a few seconds. At this point (after the access has been granted) the page should work properly, however we enter in an "infinite loop" of cookie request because the variable $_SESSION will never be accessible, so the page will continue to display the "REQUEST COOKIE ACCESS" button.

---

I'm using the 17.4.1 version of iOS.
I attach you all my code in the file "code.php", so if you want you can check it and tell me what I'm doing wrong.
I also attach you a video where you can see the different behavior between Safari and Chrome application.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240419/321dc4ac/attachment.htm>

More information about the webkit-unassigned mailing list