New issue
Advanced search Search tips

Issue 757472 link

Starred by 6 users
Status: Assigned
Owner:
paulir...@chromium.org
Cc:
pfeldman@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

DevTools won't show all cookies of a host/domain in Application -> Storage -> Cookies

Reported by gub...@gmail.com, Aug 21 2017 
Chrome Version       : 60.0.3112.101
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
URLs (if applicable) :

What steps will reproduce the problem?
1. Create a webapp reachable via http (say port 8080) and https (port 8443)
2. Log into webapp via http :8080, i.e. create insecure cookies (session cookie for example)
3. Cookie will be visible for http site and https "site", both sites will work fine.
4. Remove cookie and login again, this time via https :8443, creating a secure session cookie

What is the expected result?
All cookies matching to a host or domain are visible to a developer in the dev tools, regardless of the host's port and the cookie's path and secure flag. It's the developers task to understand which cookies are actually sent to a certain url of the host and he/she should be able to modify all of them.

What happens instead of that?
Cookies will be visible in dev tools via 8443 "site" but not 8080 "site".

The http :8080 site will be broken (endless login) because it cannot create insecure session cookies that overwrite the secure one. This is expected behaviour if you know of https://www.chromestatus.com/feature/4506322921848832. But if you don't and the developer is unable to debug or understand this due not seeing the blocking secure cookies (there is no console warning), it will create bug reports (as has happened here).

UserAgentString: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36

There is a thread here: https://groups.google.com/forum/#!topic/google-chrome-developer-tools/rSbJ1m2F3HY

I will also attach screenshots
01 - logged in via http: insecure cookies created and visible in http :8080 site
02 - same view in https :8443 site - cookies visible
03 - removed cookies and logged in via https :8443: secure cookies created and visble in https :8443 site
04 - same view in http :8080 site - cookies not visible even though they exist and block insecure cookies
01-http.insecure.png
21.6 KB View Download
02-https.insecure.png
19.4 KB View Download
03-https.secure.png
21.1 KB View Download
04-http.secure.png
17.0 KB View Download

Comment 1 by manoranj...@chromium.org, Aug 21 2017

Labels: -Pri-3 Needs-Triage-M60 Pri-2

Comment 2 by krajshree@chromium.org, Aug 23 2017

Cc: pfeldman@chromium.org
Components: Platform>DevTools
Labels: Needs-Feedback
Requesting pfeldman@ to please have a look into the issue as it is related to creating a webapp which is outside TE-scope.

Thanks...!!

Comment 3 by pfeldman@chromium.org, Aug 23 2017

Owner: phulce@chromium.org
Status: Assigned (was: Unconfirmed)
@phulce: what do you think? seems to be a subtle, yet annoying when it actually hits the user...

Comment 4 by phulce@chromium.org, Aug 23 2017 

Yeah this seems like it deserves a fix. If the cookie is affecting the page in some way, whether directly or by preventing the setting of other cookies, it should probably be visible in the panel even if it doesn't *necessarily* apply.

Comment 5 by manoranj...@chromium.org, Aug 29 2017

Labels: -Needs-Feedback -Needs-Triage-M60 M-62

Comment 6 by leo.ze...@gmail.com, Jan 9 2018 

The issue appears as well when developing an Angular app and Tomcat is redirected via a proxy. Than the session cookies are also not shown. 

Any progress in this area?

Comment 7 by janac.me...@gmail.com, Jun 14 2018 

Seeing this issue when running a secure app on an unsecured localhost

Comment 8 by dgozman@chromium.org, Oct 31

Owner: paulir...@chromium.org

Sign in to add a comment