Http Request set duplicate cookies with different values
Reported by
groo...@gmail.com,
Mar 21 2016
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2686.0 Safari/537.36

Example URL: http://localhost:8000

Steps to reproduce the problem:
1. perform an http GET request sending some cookies
2. the response should contain certain cookies depending on server logic
3.

What is the expected behavior?
Normal session-based authentication, or in general user tracking based on cookies.

What went wrong?
Sometimes (not always) the browser sets some request cookies twice. Both these 2 cookies have the same identifier but different values. I could notice that the second value seems to be an old cookie value that was set (and then removed) a while ago. In a way the browser still remembers its value. This creates a big problem for the backend, which is not able to identify the correct cookie with certainty.

Did this work before? Yes. It seems until the latest update (not really sure)

Chrome version: 51.0.2686.0 Channel: canary
OS Version: OS X 10.9.5
Flash Version: Shockwave Flash 21.0 r0

I am developing a web app in angular and to be sure it is not a bug on my side I have tested this with chrome stable, firefox and Safari, they all work correctly. I've also reverted my change to a point when I was sure everything worked correctly and this bug still happens (it surely did not happen before). Also this bug does NOT happen when I browse in incognito mode. It seems that this does NOT happen always BUT in my local app this DOES always happen for a certain url that has the form: http://localhost:8000/app/whatever?param=value1&param=value2&param=value3&param=value4&page=1&start=0&limit=25&period=undefined
,
Mar 21 2016
Hello, the dump includes personal cookies, how can I safely share it with you?
,
Mar 21 2016
Are you using your test app at localhost:8000? Could you use a fake test account whose cookies don't matter?
,
Mar 22 2016
Hello again, I've looked into the dump and there are also other sensitive data like Google cookies and other information I'd rather not share publicly. Is there any way I could send you a private email? Btw, I could see the duplicated cookie in the dump.
,
Mar 22 2016
I see. You can send it to my email: xunjieli@chromium.org.
,
Mar 22 2016
Attaching Internals>Network>Cookies label.

In the netlog dump, the first 5 requests to localhost do not have duplicated cookies. The 6th request sends one additional set of cookies (sessionid, csrftoken, etc) in addition to what the first 5 requests were sending.

leonard.gentitle@: since this is a recent regression, is it possible to launch your test app somewhere, so I can reproduce and do a bisect? Or if you prefer to keep it confidential, you can do a bisect. Instructions here: http://dev.chromium.org/developers/bisect-builds-py
,
Mar 22 2016
[+mkwst, +jww]
,
Mar 23 2016
Are they actually distinct cookies? That is, do they have distinct paths or domains? xunjieli@: Could you share the dump with me?
,
Mar 23 2016
mkwst@: The reporter did a local bisect, but he didn't get the commit range. He tried "python bisect-builds.py -a mac -g 378081 -b 382459 --use-local-cache", and could not reproduce the bug. He got the message: You are probably looking for a change made after 382449 (known good), but no later than 382459 (first known bad). He thinks the regression might be around 382459. I will share it with you once I get a confirmation from him.
,
Mar 23 2016
51.0.2686.0 maps to 382218, which does not include revisions around 382459, so presumably that range is incorrect.
,
Mar 23 2016
mkwst@: I have shared with you the net-internals dump through email.
,
Mar 23 2016
My bad, I ran the bisect again with:

python bisect-builds.py -a mac -g 378081 -b 382218 --use-local-cache --user-data-dir=/path/to/user/dir

And I got again the same "You are probably looking for a change made after 382217 (known good), but no later than 382218 (first known bad)."

I have used the same User folder of the profile causing the problem. I just want to highlight again: in the version causing the issue (51.0.2686.0) the problem is reproducible only with the specified user profile (synced with google account). If I change user profile or I choose incognito mode then I cannot reproduce the issue. I did disable (not remove) all the extensions, could it be that they could still create troubles?
,
Apr 22 2016
Just checking, is there any update on this? This is still happening on 52.0.2715.0 canary (64-bit), Mac OS X 10.9.5.
,
May 13 2016
52.0.2730.0 canary (64-bit), still happening, could someone please give an update on this? If this lands in stable it will break many applications.
,
Nov 4 2016
For a while this problem went away, I'm not sure why, but today it's back, on Mac Version 56.0.2908.0 canary (64-bit). See the attached file for an example of a request setting duplicate cookies. Could someone give me an update on this? This is breaking my application, because it sets old expired cookies and the users will be logged out each time even if they have valid cookies!!
,
Nov 4 2016
Could you go to the page that gets double cookies in chrome, click on the icon on the left of Chrome's address bar, click the "cookies" button, and see if two cookies with the same name are set on different paths/domains?
,
Nov 4 2016
No, just one set of cookies. But once (I can't reproduce it) I've seen two sets of cookies (duplicated) on the same path, but I can't be 100% sure until I can reproduce this.
,
May 3 2018
We are experiencing this issue on the latest live chrome browser, the requests to our servers have duplicate cookies, causing outages.
,
May 3 2018
NVM they have different paths
,
Oct 4
Closing as per #19. This seems to be WAI.
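
The closing comments point to same-named cookies scoped to different paths. As an added example (not part of the original thread and not Chromium code), the sketch below applies the RFC 6265 path-match and ordering rules to a constructed cookie jar to show how one request ends up carrying two sessionid values, and how a backend can detect that. The helper names, the jar contents and all values are assumptions; the domain is left out because every cookie here belongs to one host.

```python
# Added example: constructed data and hypothetical helper names.
from collections import defaultdict


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # "/app" matches "/app/x" but not "/application".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_header(jar, request_path):
    """Build the Cookie header a user agent sends for request_path.

    jar maps (name, path) -> (value, creation_order). Ordering follows
    RFC 6265 section 5.4: longer paths first, then earlier creation time.
    """
    hits = [(name, path, value, created)
            for (name, path), (value, created) in jar.items()
            if path_matches(request_path, path)]
    hits.sort(key=lambda c: (-len(c[1]), c[3]))
    return "; ".join(f"{name}={value}" for name, _, value, _ in hits)


def duplicate_names(header):
    """Return {name: [values in header order]} for names sent more than once."""
    seen = defaultdict(list)
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            seen[name].append(value)
    return {n: v for n, v in seen.items() if len(v) > 1}


# Constructed jar: a stale sessionid left on /app, a fresh one set on /.
JAR = {
    ("sessionid", "/app"): ("OLD-constructed", 1),
    ("sessionid", "/"): ("NEW-constructed", 2),
    ("csrftoken", "/"): ("tok-constructed", 3),
}

if __name__ == "__main__":
    for path in ("/app/whatever", "/other"):
        header = cookie_header(JAR, path)
        print(path, "->", header, "| duplicates:", duplicate_names(header))
```

Only requests under /app carry both values, and the stale one is listed first because its path is longer. Clearing it requires a Set-Cookie for the same name with the same Path (and Domain) and an expiry in the past.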
Comment 1 by xunji...@chromium.org
, Mar 21 2016