Safari doesn't set cookies, but IE / FF do

I found a strange Safari cookie problem. If you go to http://2much.ch, you can type from FF / IE and surf inside the site.

But if you use Safari, you can enter it only once; you cannot surf inside the site. I found that Safari does not set the cookie entered, but FF / IE do.

What is wrong here?

+43
cross-browser safari cookies
Jul 17 '09 at 18:19
5 answers

Looks like you hit the Safari error here; you redirect any visiting browser to /entry while setting a cookie, and Safari ignores the Set-Cookie header when it detects an HTTP 302 status:

    $ curl -so /dev/null -D - http://4much.schnickschnack.info/
    HTTP/1.1 302 Moved Temporarily
    Server: nginx/0.7.61
    Date: Sun, 19 Jul 2009 12:20:49 GMT
    Content-Type: text/html;charset=utf-8
    Connection: keep-alive
    Content-Length: 14260
    Content-Language: de
    Expires: Sat, 1 Jan 2000 00:00:00 GMT
    Location: http://4much.schnickschnack.info/entry
    Set-Cookie: colorstyle="bright"; Path=/; Expires=1248092449.12
    Set-Cookie: _ZopeId="73230900A39w5NG7q4g"; Path=/

Technically, that would be a bug in the Apple Foundation Classes; I found a WebKit bug that claims to be so.

I believe the workaround is to set the cookie not in index_html, but in the input.

Over the years since I first answered this question, this problem now seems to have been solved; at least it was for Safari 6, when someone tested all the main browsers for Set-Cookie support on 302 redirects in 2012.

+62
Jul 19 '09 at 12:33

This seems to be no longer a problem. See http://blog.dubbelboer.com/2012/11/25/302-cookie.html

+7
Apr 04 '14 at 14:15

A month ago, I ran into this problem. At first I thought it was a spoiled jug, as I can clear the cookies and leave.

However, it reappeared. This time I spent an hour going through it, seeing what was sent, seeing what Safari sent, and I found the problem.

In this case, I had an array of cookie values sent to the browser after logging in before being redirected. The values looked something like "user id", "full username", "other identifier", etc.

(yes, the identifier is encrypted, so no worries)

The full username was in the format <lastname>, <firstname>.

When Safari sent the cookie back to the server, everything after the comma following the last name had been deleted. It was only posting the values up to that point.

When I removed the comma, the rest of the values started working fine.

So, it seems that if you send a cookie containing a comma, then Safari does not escape it properly in its internal storage. This makes me think that if they don't escape commas, then there are probably some security issues with the Safari cookie handling code.

By the way, this was tested on Win 7 x64 with Safari 4.0.5. I also posted a webpage at http://cookietest.livelyconsulting.com/ which shows this exact problem. (I deleted this test site)

IE, FF, and Chrome all set cookies correctly. Not Safari.

+6
May 06 '10 at 16:00

We came across a very similar issue in which Safari (v. 7.0.6) ignores the cookie. The cookie header looked fine, almost identical to the other cookie that was remembered.

It turned out that the culprit was the previous cookie header with a malformed expires value. Obviously, Safari's handling of broken cookie headers is not as reliable as that of other browsers.

+3
Sep 04 '14 at 9:27
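
The answers above point at three things in a Set-Cookie header that Safari handled differently from other browsers: a comma in the value, a malformed Expires attribute, and a cookie set on a 302 response. The following check for all three is an added example, not code from any of the answers; the function names are hypothetical, the first sample is taken from the curl output above, and the `fullname` cookie is constructed.

```python
import re
from datetime import datetime
from urllib.parse import quote

# RFC 6265 cookie-octet: printable ASCII minus space, '"', ',', ';' and '\'
COOKIE_OCTETS = re.compile(r'[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*')

# The two Set-Cookie values from the 302 response shown in the first answer.
PAGE_HEADERS = [
    'colorstyle="bright"; Path=/; Expires=1248092449.12',
    '_ZopeId="73230900A39w5NG7q4g"; Path=/',
]

def lint_set_cookie(status, headers):
    """Return (cookie name, problem) pairs for one response's Set-Cookie values."""
    findings = []
    for header in headers:
        pair, *attrs = [part.strip() for part in header.split(";")]
        name, _, value = pair.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # surrounding double quotes are permitted
        if not COOKIE_OCTETS.fullmatch(value):
            findings.append((name, "value has characters outside cookie-octet"))
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.strip().lower() == "expires":
                try:
                    # RFC 1123 date, e.g. "Sun, 19 Jul 2009 12:20:49 GMT"
                    datetime.strptime(val.strip(), "%a, %d %b %Y %H:%M:%S GMT")
                except ValueError:
                    findings.append((name, "Expires is not an HTTP date"))
        if 300 <= status < 400:
            findings.append((name, "set on a redirect response"))
    return findings

def safe_value(raw):
    """Percent-encode a value so it contains only cookie-octet characters."""
    return quote(raw, safe="")

if __name__ == "__main__":
    for finding in lint_set_cookie(302, PAGE_HEADERS):
        print(finding)
    print(lint_set_cookie(200, ["fullname=Doe, John; Path=/"]))
    print(lint_set_cookie(200, ["fullname=" + safe_value("Doe, John") + "; Path=/"]))
```

The server has to reverse `safe_value` with `urllib.parse.unquote` when it reads the cookie back.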

I'm having a problem with Chrome. Chrome does not ignore the set-cookie header during redirection, but you never know the order (first set a cookie or redirect). Here is what I tried:

I have a website that supports English and French. I implemented it (with php) as follows:

localhost has a link to localhost/fr (which sets the cookie to French and redirects to localhost). It is working. (set cookie first)

localhost/path1 has a link to localhost/fr?return=/path1 (which sets the cookie to French and redirects to localhost/path1). This does not work. (redirect first, language has not changed)

localhost/path1 has a link to localhost/fr?return=www.google.com (which sets a cookie in French and redirects to google). When I returned to my site again, it is in French. (which means that the set-cookie for the French language is not ignored, it is executed only after redirecting)

I hope I make it clear that for me English is a foreign language.

+2
Apr 13 '14 at 12:36