StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>A month ago, I ran into this issue. At first I thought it was a corrupted cookie jar as I could clean out the cookies and go.</p> <p>However, it popped up again. This time I spent an hour going through it, watching what was sent, reviewing what safari sent back, and I found the problem.</p> <p>In this case, I had an array of cookie values being sent to the browser after login prior to the redirect. The values looked something like 'user id', 'user full name', 'some other id', etc.</p> <p>( yes, the id's are encrypted so no worries there )</p> <p>My user full name was actually in a <code><lastname>, <firstname></code> format.</p> <p>When safari was posting the cookie back to the server, everything after the comma after the lastname was dropped. It was only posting back values up to that point.</p> <p>When i removed the comma the rest of the values started working just fine. </p> <p>So it appears that if you send a cookie value that contains a comma, then safari doesn't properly escape that in it's internal storage. Which leads me to think that if they aren't properly escaping commas, then there are probably some security issues with safari's cookie handling code. </p> <p>Incidentally, this was tested on Win 7 x64 with safari 4.0.5. <strike>Also I put up a web page at: <a href="http://cookietest.livelyconsulting.com/" rel="nofollow noreferrer">http://cookietest.livelyconsulting.com/</a> which shows this exact problem.</strike><em>(I removed that test site)</em> </p> <p>IE, FF, and chrome all correctly set the cookie. safari does not. </p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload