Signing in to WashingtonPost.com does not stay after restart |
|||||||||||
Issue descriptionApp Version (from "Chrome Settings > About Chrome"): 62.0.3202.70 iOS Version: iOS 11.0.3 Device: iPhone SE Steps to reproduce: 1. Go to washingtonpost.com 2. Tap on the person icon at the top right. Choose sign in. 3. Choose sign in with email. 4. Enter your email address and password (you'll need an account, but it's free). 5. Sign in. 6. Verify that you are signed in. 7. Double click home button and swipe Chrome up to terminate. 8. Launch Chrome again and visit washingtonpost.com 9. Check if you are still signed in. Observed behavior: 10. You are no longer signed in. Expected behavior: 10. You should still be signed in. Additional comments: Tried on Safari and Firefox. Both preserved sign in state. I've tried on current Chrome Canary. Same issue, i.e. sign in state is lost.
,
Nov 16 2017
It would be useful to check if this bug is reproducible with Safari User Agent, ios_web_shell or stock WKWebView app.
,
Nov 16 2017
No different with Safari User-Agent.
,
Nov 16 2017
I just tested this with the new WKHTTPSystemCookieStore code and it works well, i'm going to spend sometime to see what is the difference for this site from other sites on the current cookie store usage.
,
Nov 16 2017
,
Nov 18 2017
I did some digging and it seems, and made some observations: If the user closed the tab after logging in or went to another tab and navigated correctly to a website, then cookies will persist across sessions. There are some cross origin errors, that i get through debugging: avaScript error: SecurityError (DOM Exception 18): Blocked a frame with origin "https://subscribe.washingtonpost.com" from accessing a frame with origin "https://subscribe.washingtonpost.com". The frame requesting access set "document.domain" to "washingtonpost.com", but the frame being accessed did not. Both must set "document.domain" to the same value to allow access. URL:https://subscribe.washingtonpost.com/loginregistration/index.html#/register/group/long?action=login&destination=https:%2F%2Fwww.washingtonpost.com%2F%3Fnid&rememberme=true I suspect that the problems with cookies is more related to how do we handle javascript ! but that requires some more investigation. For now it would be very helpful, if i can know the code flow of setting cookies on the website. I'll do more investigation and update the crbug with my final finding and proposed solution
,
Nov 18 2017
Mohammad, is it possible to reproduce the problem with ios_web_shell or stock WKWebView app?
,
Nov 19 2017
I tried with WKWebView stock app and it isn't reproducible
,
Nov 27 2017
Update on what i've been doing on this bug: I've been debugging ios_web_shell in device and taking components apart until i reached a very simple state and the bug was still happening. So i had to revise the result i got before with the stock WKWebView and it seems results there are flaky: Stock WKWebView works correctly on iOS11+ only on Simulator (But it doesn't work correctly on ios_web_shell which will enable me to isolate the problem at least in the simulator), in devices it doesn't work at all. Chrome for iOS doesn't work correctly in both iOS10 and iOS11 on device and simulator. The work around for now seems to be navigating to another domain's URL (or redirecting) this force the cookies to stay
,
Nov 29 2017
There seem to be a bug in WKWebView handling setting cookies using javascript: i submitted rdar bug : https://bugreport.apple.com/web/?problemID=35755971 as i started to get this error on WKWebView stock app & on safari
,
Nov 30 2017
,
Nov 30 2017
For those who cannot see the radar filed (comment 10): iOS Versions affected: iOS: 10.0.2 : It works on safari, but it is flaky on WKWebView simple app (on my testing the bug happened 5 out of 15 trys iOS:11.0 & iOS.1 : The bug happens on Safari & on WKWebView simple app (not consistently). iOS 11.2 : The bug consistently happens on Safari and on WKWebview simple app. Note that the test app provided to Apple is simply loading the following URL in a bare minimum WKWebView: https://subscribe.washingtonpost.com/loginregistration/index.html#/register/group/long?action=login&rememberme=true&destination=https://subscribe.washingtonpost.com/web-views/
,
Dec 1 2017
Should I escalate this radar to apple? How bad is this given that it only really seems to affect Chrome? Also, why doesn't this happen in Firefox? What are we doing differently?
,
Dec 1 2017
This bug also happens in WKWebView and Safari (comment #10). It's actually unclear if the bug is reproducible in Firefox (CL description says so, but CL description also say that the bug is not reproducible in Safari). There is no actual evidence that this is WKWebView issue, and it is possible that the problem is on WP server.
,
Dec 1 2017
The bug is reproducible with WKWebView in ios11 consistently (it's also reproducible in ios10 put not always so it will be harder to debug there). I attached a simple WKWebview project that basically open https://subscribe.washingtonpost.com/loginregistration/index.html#/register/group/long?action=login&rememberme=true&destination=https://subscribe.washingtonpost.com/web-views/ so the bug can be tested with.
,
Dec 15 2017
Reproducible with stock WKWebView app.
,
Jan 31 2018
I've done some extensive testing today for Chrome 64.0 , Safari, and Firefox 10.5 with iOS 11.2.5 & 11.2.2 I used the homepage (https://www.washingtonpost.com) & the terms of service page (https://www.washingtonpost.com/terms-of-service/2011/11/18/gIQAldiYiN_story.html?utm_term=.95326ca50afd) The result: Login is persisting 5/5 times on all browsers how ever there is a problem with signing out that i think may be a WaPo website bug (basically sign-out doesn't work at all)
,
Mar 28 2018
,
Oct 19
|
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by pkl@chromium.org
, Nov 16 2017