We found a problem in our application where Safari on Mac accidentally re-creates the cookie to log in from a session with a session disconnected.
I have a fiddler archive with this behavior here . Please note that some things have been removed from this to make it easier to get, but nothing that sets a cookie or anything else is deduced - only repeating requests 3-8.
I will tell you about the current order
- Request 1: the user logs out through a call to /logout.aspx - Set-Cookie returned the setting cookie expiration date in 1999
- Requests 2-8: the user refreshes the login page by sending root calls or / res / en -US / s.js - the cookie is not sent to the server or is not returned, and access is denied. I cut a lot of queries of this kind out of the log because they are boring.
- Request 9: request / res / en -US / s.js - Hv3 authentication cookie mysteriously reappears! Wat. There was nothing! WTFF!
- Request 10+: now the cookie reappeared, the site registers the user in AGAIN
The cookie when it is checked in Safari looks like
<dict>
<key>Created</key>
<real>259603523.26834899</real>
<key>Domain</key>
<string>.mysite.dev</string>
<key>Expires</key>
<date>2010-03-24T16:05:22Z</date>
<key>HttpOnly</key>
<string>TRUE</string>
<key>Name</key>
<string>.Hv3</string>
<key>Path</key>
<string>/</string>
</dict>
It should be noted that in Safari, the cookie domain is.mysite.dev, not mysite.dev (which is the cookie domain specified in web.config) - however, given that access is denied in requests 2-8, it looks like the cookie has expired . If you look in the browser cookie list for 2-8, cookie.Hv3 does not exist.
Safari?
, ?