Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Safari 5 not sending all cookies back to the server

Tags:

cookies

safari

I'm seeing this issue with Safari 5 (actually it has been prevalent since at least 4.0.5), where it seems that it does not set cookies properly. The site works perfectly fine for Firefox, IE, and Chrome.

However, I can verify that the cookie is being properly set by looking at Safari's cookies plist that it uses. On Windows 7 it's stored here: C:\Users\\AppData\Roaming\Apple Computer\Safari\Cookies\Cookies.plist

Now the site that I am working on uses cookies quite extensively and are stored across different domains.

Let's say for example, the site is www.foo.com. The login cookie is set to domain .foo.com. In addition, other cookies are stored to domain www.foo.com, a.foo.com, b.foo.com, etc.

Safari seems to get confused when going to www.foo.com and "forgets" to sends all of the cookies that it should (www.foo.com, .foo.com).

I am not sure if this is an error on my side (invalid characters in the cookie) or if this is a bug with Safari. I'd like to know if anybody has come across this and has found a

Thanks!

Edit: The one cookie that I am concerned about is quite big, a little less than 4k in length. It contains encoded information and the characters that it consists of are alphanumerics and / + _ =

Now what's strange is that, depending on the domain the cookie gets set to, the cookie works fine by itself. However, when the user logs in, another cookie gets added and Safari seems to ignore the first one. Safari sends the login cookie fine and it consists of alphanumerics along with [ ] _ \

My original thought was that it could be a domain conflict. The first cookie was being set to www.foo.com while the login cookie was being set to .foo.com. However, I tested this theory, setting them both to .foo.com, and the issue still remains.

like image 561
zeerowkewl Avatar asked Jun 29 '10 01:06

zeerowkewl


People also ask

Does browser send all cookies to server?

No. Not every request sends the cookies. It depends on the cookie configuration and client-server connection. For example, if your cookie's secure option is set to true then it must be transmitted over a secure HTTPS connection.

How do I send cookies back to server?

To send cookies to the server, you need to add the "Cookie: name=value" header to your request. To send multiple Cookies in one cookie header, you can separate them with semicolons. In this Send Cookies example, we are sending HTTP cookies to the ReqBin echo URL.

How do I get my cookies back on Safari?

Step 1: Go to Settings, then scroll down and select “Safari”. Step 2: Scroll down to “Privacy & Security”. Step 3: Verify “Block All Cookies” is ticked (green/white), click to allow cookies. Step 4: Clear the browser cache and reopen the browser.

How do I allow cross domain cookies in Safari?

Open the Safari browser. From the menu bar, go to Safari > Preferences. In the preferences dialog, go to the Privacy tab and disable the Prevent cross-site tracking permission.


1 Answers

Have a look at the browser size limits here. Safari 5 has a 4kb limit per request. So if the total size of all cookies for the domain (including associated wildcard domains) exceeds 4k, you'll begin to lose cookies. I believe the logic is that the oldest cookie will be sacrificed first, until the total cookie header size is below 4k.

We're currently having an issue with this problem ourselves, but have also identified another scenario in which cookies are lost, though we've yet to understand why this is the case.

Given the large size of a single cookie of yours, it's likely that a following request adds a new cookie, bumping the total size over the limit.

like image 149
Simon Avatar answered Sep 18 '22 22:09

Simon