New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 786019 link

Starred by 1 user

Issue metadata

Status: ExternalDependency
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 1
Type: Bug

Blocked on:
issue 557356



Sign in to add a comment

Signing in to WashingtonPost.com does not stay after restart

Project Member Reported by pkl@chromium.org, Nov 16 2017

Issue description

App Version (from "Chrome Settings > About Chrome"): 62.0.3202.70
iOS Version: iOS 11.0.3
Device: iPhone SE

Steps to reproduce: 
1. Go to washingtonpost.com
2. Tap on the person icon at the top right. Choose sign in.
3. Choose sign in with email.
4. Enter your email address and password (you'll need an account, but it's free).
5. Sign in.
6. Verify that you are signed in.
7. Double click home button and swipe Chrome up to terminate.
8. Launch Chrome again and visit washingtonpost.com
9. Check if you are still signed in.

Observed behavior: 
10. You are no longer signed in.

Expected behavior: 
10. You should still be signed in.

Additional comments: 
Tried on Safari and Firefox. Both preserved sign in state.
I've tried on current Chrome Canary. Same issue, i.e. sign in state is lost.
 

Comment 1 by pkl@chromium.org, Nov 16 2017

Cc: amym@google.com
Components: -Internals>Network Mobile>WebView>Glue
It would be useful to check if this bug is reproducible with Safari User Agent, ios_web_shell or stock WKWebView app.

Comment 3 by pkl@chromium.org, Nov 16 2017

No different with Safari User-Agent.
I just tested this with the new WKHTTPSystemCookieStore code and it works well, i'm going to spend sometime to see what is the difference for this site from other sites on the current cookie store usage.

Blockedon: 557356
I did some digging and it seems, and made some observations: 
If the user closed the tab after logging in or went to another tab and navigated correctly to a website, then cookies will persist across sessions.

There are some cross origin errors, that i get through debugging: avaScript error: SecurityError (DOM Exception 18): Blocked a frame with origin "https://subscribe.washingtonpost.com" from accessing a frame with origin "https://subscribe.washingtonpost.com". The frame requesting access set "document.domain" to "washingtonpost.com", but the frame being accessed did not. Both must set "document.domain" to the same value to allow access. URL:https://subscribe.washingtonpost.com/loginregistration/index.html#/register/group/long?action=login&destination=https:%2F%2Fwww.washingtonpost.com%2F%3Fnid&rememberme=true


I suspect that the problems with cookies is more related to how do we handle javascript ! but that requires some more investigation.
For now it would be very helpful, if i can know the code flow of setting cookies on the website. 

I'll do more investigation and update the crbug with my final finding and proposed solution 
Mohammad, is it possible to reproduce the problem with ios_web_shell or stock WKWebView app?
I tried with WKWebView stock app and it isn't reproducible 
Update on what i've been doing on this bug:
I've been debugging ios_web_shell in device and taking components apart until i reached a very simple state and the bug was still happening.
So i had to revise the result i got before with the stock WKWebView and it seems results there are flaky:
Stock WKWebView works correctly on iOS11+ only on Simulator (But it doesn't work correctly on ios_web_shell which will enable me to isolate the problem at least in the simulator), in devices it doesn't work at all.

Chrome for iOS doesn't work correctly in both iOS10 and iOS11 on device and simulator.


The work around for now seems to be navigating to another domain's URL (or redirecting) this force the cookies to stay



There seem to be a bug in WKWebView handling setting cookies using javascript: i submitted rdar bug : https://bugreport.apple.com/web/?problemID=35755971
as i started to get this error on WKWebView stock app & on safari 

Comment 11 by pkl@chromium.org, Nov 30 2017

Labels: Hotlist-Radar-Filed

Comment 12 by pkl@chromium.org, Nov 30 2017

For those who cannot see the radar filed (comment 10):
iOS Versions affected:
iOS: 10.0.2 : It works on safari, but it is flaky on WKWebView simple app (on my testing the bug happened 5 out of 15 trys
iOS:11.0 & iOS.1 : The bug happens on Safari & on WKWebView simple app (not consistently).
iOS 11.2 : The bug consistently happens on Safari and on WKWebview simple app.

Note that the test app provided to Apple is simply loading the following URL in a bare minimum WKWebView:
https://subscribe.washingtonpost.com/loginregistration/index.html#/register/group/long?action=login&rememberme=true&destination=https://subscribe.washingtonpost.com/web-views/
Should I escalate this radar to apple? How bad is this given that it only really seems to affect Chrome?

Also, why doesn't this happen in Firefox? What are we doing differently?
This bug also happens in WKWebView and Safari (comment #10). It's actually unclear if the bug is reproducible in Firefox (CL description says so, but CL description also say that the bug is not reproducible in Safari). There is no actual evidence that this is WKWebView issue, and it is possible that the problem is on WP server.
The bug is reproducible with WKWebView in ios11 consistently (it's also reproducible in ios10 put not always so it will be harder to debug there).
I attached a simple WKWebview project that basically open https://subscribe.washingtonpost.com/loginregistration/index.html#/register/group/long?action=login&rememberme=true&destination=https://subscribe.washingtonpost.com/web-views/
so the bug can be tested with.
WKWebView.zip
25.0 KB Download
Status: ExternalDependency (was: Assigned)
Reproducible with stock WKWebView app. 
I've done some extensive testing today for Chrome 64.0 , Safari, and Firefox 10.5 with iOS 11.2.5 & 11.2.2
I used the homepage (https://www.washingtonpost.com) & the terms of service page (https://www.washingtonpost.com/terms-of-service/2011/11/18/gIQAldiYiN_story.html?utm_term=.95326ca50afd)
The result:
Login is persisting 5/5 times on all browsers how ever there is a problem with signing out that i think may be a WaPo website bug (basically sign-out doesn't work at all) 

Comment 18 by pkl@chromium.org, Mar 28 2018

Labels: -M-64 M-67
Components: -Mobile>WebView>Glue Internals>Network>Cookies

Sign in to add a comment