WebView ignores cookie path
Reported by
robert.r...@ingemark.com,
Apr 26 2016
|
|||||||||
Issue descriptionDevice name: Nexus 5X From "Settings > About Chrome" Application version: OS: Android 6.0.1 URLs (if applicable): Behavior in Android Browser (if applicable): When a website is opened inside a WebView with a Cookie path other than "path=/" (i.e. "path=/test"), the Cookie is ignored and not stored in the Cookie store. Cookies with the "path=/" path are stored normally. Steps to reproduce: (1) Open a webpage inside a Webview with a Cookie other than "path=/" (2) Remote debug network traffic (3) Said Cookie is not stored in the Cookie store Expected result: Cookie with predefined path is stored within the Cookie store Actual result: Cookie with path other than "path=/" is ignored
,
Apr 29 2016
,
May 4 2016
I don't work in Networking and Newton is not working on Chrome for Android anymore. Maybe Mike knows a good candidate (or is one).
,
May 11 2016
Hello, Could you please leave a feedback on how this issue tracking is going, since it is a bit urgent. Thanks
,
May 11 2016
Any detail about when this might have started happening?
,
May 11 2016
+torne@
,
May 11 2016
It started happening last month during some tests while accessing different CDNs
,
May 11 2016
What version of WebView? Can you provide an app that reproduces the issue?
,
May 11 2016
Version Chrome/50.0.2661.86 Unfortunately I cannot share an app because it has classified data within its URLs, but you can easily try it out yourself by making an Apache website which returns a cookie with a path different than "path=/". Then when debugging it on remote in Chrome you can see that the said cookie is ignored.
,
May 11 2016
Was there a previous version where it was working?
,
May 11 2016
Unfortunately not, it is a very peculiar bug and we noticed it just lately
,
May 11 2016
Can't reproduce this with webview 50.0.2661.86. I threw up a trivial appengine app to try it: 1) http://robotic-parsec-130814.appspot.com/foobar/set sets a cookie "foo=bar" with path "/foobar" 2) http://robotic-parsec-130814.appspot.com/foobar/get displays the value of the "foo" cookie Doing this with WebView worked fine - the correct cookie headers show up in network requests, and the stored cookie is visible (with the correct path) in devtools's cookie store tab as well. So, unless you can provide more specific information on how to reproduce this, I don't think we can do anything. Either provide a server that we can test against, or an app that uses webview in a similar way to yours that can be pointed at a test server like the one I just put together, or both, to work out where the problem is.
,
May 11 2016
Setting back to "unconfirmed" and unassigning for now until we have more info. (also removing myself from cc as I already get all webview issues mailed to me anyhow) :)
,
May 23 2016
We've fixed the issue by setting the webview to accept third party cookies.
,
May 23 2016
Could you explain a bit more? It's not clear whether your case should have been treated as a third party cookie or not, so even if enabling third party cookies fixes it for you, there may still be a bug in WebView. Could you tell us what the URL of the page setting the cookie, and the path it was setting, were?
,
May 23 2016
Thank you for providing more feedback. Adding requester "torne@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 23 2016
Actually I didn't know that all versions from Lollipop onward disabled third party cookies by default, and the CookieManager method to enable them is not intuitive enough. I tried out a lot of things and it turned out that CookieManager.getInstance().setAcceptThirdPartyCookies(*webview*, true) fixed the issue.
,
May 23 2016
Right, but what I'm asking is, is the cookie you are setting actually a third party cookie? i.e. is it correct that it wasn't letting you set it? Just setting the path shouldn't make something third party, afaik.
,
Jun 29 2016
robert.rausel: can you respond to torne's question?
,
Jun 30 2016
Hi, sorry for the delay, got caught up in a lot of projects. It is indeed a third party cookie set directly from the CDN. It wasn't letting me set it until I added setAcceptThirdPartyCookies. Enabling this fixed it.
,
Jun 30 2016
Thank you for providing more feedback. Adding requester "torne@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 30 2016
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by elawrence@chromium.org
, Apr 27 2016