Since 10.5.6, Safari can't maintain session at Gmail, Facebook, others

Re "Maybe no one at Apple is reading this forum:"

"Mark Pauley" of Apple has posted to this very thread.

Message was edited by: ryantate

Installing Google Gears and enabling offline GMail seems to solve the problem completely. I realize this is a really weird workaround, but it works.

Almost 4 MONTHS has gone past with Apple being aware of this issue and we have had absolutely no communication or bulletin's from them, not even recognition of the issue itself! and i have finally had enough of using this useless browser!!!!

I have been using firefox on and off since this issue showed up and I even downloaded Safari 4 with the hope that it would be fixed......but no, the problem is still there!!! Despite all the comments around Firefox being slow and clunky i have been monitoring it and the actual difference in resource usage between the two is minimal, especially considering one works and one doesn't!!!!!

So as of today im closing Safari for the last time, i will keep an eye on this thread to see if they ever fix it but i wont be changing back in a hurry! It is sad to say, but the fact that Apple are just turning a blind eye on this issue (even to the point that their new browser still has the issue) is just another example of how they are slowly becoming more like their biggest competitor!!

Safari 4 solved this issue for me.

Having the same issues especially with smugmug (the most irritating example) where I have to refresh twice in order to see each gallery. but also my online banking and sometimes facebook.

I'm using safari 4 and I am still experiencing the problem of not being able to stay logged in.

Identical problem with smugmug here. Doesn't seem to matter if I'm logged in or logged out. Still have to hit "Refresh" twice to see the thumbnails. The site is fine when I view it at work on a windows machine. Smugmug tech support sent me here.

No problems with on-line banking or g-mail (yet?)

Thanks for the info. I've got a test tool, let me give it a try. The trailing comma would definitely be ambiguous to the cookie parser, but shouldn't nuke your cookies DB.

Could you give me an example? I need something like this:

GET of https://foo.bar.com/a/sample/resource => Set-Cookie: bad cookie=badvalue; path=/; etc

then a subsequent GET of https://foo.bar.com/another/sample/resource fails to contain the cookie.

thanks

I'm sure that will cause problems. Especially if you log out in one context and log in with another. Webapps often keep session state in multiple cookie values, having multiple clients share session state will lead to confusion, since some of the state is likely stored in session only form, i.e. you're only sharing part of the session state, and it doesn't match up.

Are you saying that this same setup used to work before 10.5.6?

The cookie fixes were all included in the Security Update 009-01 release. Safari 4 uses the underlying OS API, so both Safari 3 and Safari 4 should behave the same on Security Update 009-01.

I'm sorry to hear that Zappaz.

I'm the engineer in charge of Cookie support for Mac OS X, and I have been following and asking questions in this forum nearly since the thread was started.

The cookie behavior has certainly gotten better (I've found and fixed many issues reported here), but is apparently not yet perfect. I will continue to monitor this thread and attempt to isolate issues as they are reported. Thanks for coming here and adding to the discussion. Believe it or not, reports of cookie issues in the wild is really the only way I can build a comprehensive 'working specification' for cookie behavior, since there really are quite a few questionable cookies out on the web. Every time I see a new issue, it is added to a large suite of compatibility tests to ensure that our behavior won't break compatibility in the future.

In the meantime, please make sure you have the Security Update 009-01 release installed on your system before filing cookie bugs. We stretched sec update guidelines to bring you non-security fixes specifically to fix the gmail 400 bug as well as the multiple client cookie loss issue.

thanks

_Mark

Great having your help here, Mark.

This problem has driven me nuts. I’ve spent hours troubleshooting it. Nothing that other people suggested fixed it. I have no adium, no web clippings, no Gmail, nothing in the dashboard. The problem is worst on Amazon. I login and a minute later it asks me to login again. After logging in again, on the very next page I get “your session has expired”.

I moved to Safari 4 Public Beta (5528.16) and it’s fixed. But now Safari bookmarks scrolling hangs every time for a bit, but that’s the lesser of evils.

Safari 3.2.1 10.5.6. Mac Pro 2X-Quad-Core Intel Xeon 2.8 GHz

Mark,
was the problem of
"Safari is not passing secure cookies back to the server through https as it is supposed to."
ever looked at? I am waiting for this fix for a long time now, as my Dashboard widget does not work without it.

To elaborate,
the call
request.setRequestHeader("Cookie", requestCookieString);
does not work as expected.

There must be something you could do, plz. My users are complaining that i'm a bad developer, with a widget which doesn;t work, lol. It's quite sad, that I have to wait so long , to be able to offer them a fix.

Thanks,

Message was edited by: paulina7m

Message was edited by: paulina7m