Safari keeps logging me out...

Alan Pinstein wrote:
Also, note that I think maybe all session cookies are dropped when this happens; I often notice that when I get logged out in one tab from this "bug", when I go to other tabs and continue to browse I am usually asked to re-auth on those completely different web sites as well.

Just to confirm your observation: it looks like Safari drops all transient cookies at once at least in all open tabs within single window. By the way, did you use multiple tabs/windows or just one tab in single window is enough to drop session cookie? I always have about 10 tabs open in my "workflow" Safari window. Just trying to narrow research range...

rushproject wrote:

Alan Pinstein wrote:
Also, note that I think maybe all session cookies are dropped when this happens; I often notice that when I get logged out in one tab from this "bug", when I go to other tabs and continue to browse I am usually asked to re-auth on those completely different web sites as well.

Just to confirm your observation: it looks like Safari drops all transient cookies at once at least in all open tabs within single window. By the way, did you use multiple tabs/windows or just one tab in single window is enough to drop session cookie? I always have about 10 tabs open in my "workflow" Safari window. Just trying to narrow research range...

I had never thought about the tabs/windows thing. I guess that's my programmers mind at work -- I don't see how tabs/windows would intersect, so I never thought about it.

FWIW I typically just have one window with lots of tabs open. I am pretty sure but not certain I've seen the bug with only 1 tab in 1 window. I am also pretty sure I've been logged out across multiple windows in instances when I am using them. I think those facts support my original thought that cookie management doesn't have anything to do with windows/tabs.

Same problem here, for what it's worth. Safari logs me out within minutes, even if the tab with the website concerned is in focus.

I had the same problem. One of the most annoying I have had. Seems to have been a Safari problem that has been fixed with Safari 5.0.1

Elias Martinez wrote:
I had the same problem. One of the most annoying I have had. Seems to have been a Safari problem that has been fixed with Safari 5.0.1

I'm on Safari 5.0.1 here and the problem is still the same.

still have problem,
logs out of aol, msn, and facebook all the time
also does some other sites

So this problem has now been around for FOUR MONTHS, a third of the year, and still no fix. Still the same problems every day. And not one fix from Apple. This is ridiculous. I switched over to this platform specifically to avoid this kind of nonsense i was dealing with on PCs.

DisneysFolly wrote:
So this problem has now been around for FOUR MONTHS, a third of the year, and still no fix. Still the same problems every day. And not one fix from Apple. This is ridiculous. I switched over to this platform specifically to avoid this kind of nonsense i was dealing with on PCs.

As far as I understand, Apple does not believe the problem exist. They can't reproduce it, so they are not "jumping into analysis mode". So far only Safari users are in "analysis mode". The users, not Apple, invested their time and managed to isolate problem (browser dropping transient cookies). What next? Somebody doing reverse engineering to fix the error? Wake up, Apple. You have a nasty bug in your software!

If you're a web developer (like me) facing this issue with your web site, I found a possible way to workaround it. The concept is basically to re-create a new session cookie, duplicating the data that was already stored in the previous session cookie.

If you're in PHP, this is what I'm talking about (I'm sure other languages have similar functions): http://php.net/manual/en/function.session-regenerate-id.php

By calling this every now and then (for my app, once every 50 calls -- you'll have to balance accordingly to your app), Safari ends up always having a recent session ID cookie instead of any old one -- and from my tests over here that stops it from losing the data.

It's a shame that we have to do this… Apple should really fix the problem.

barbutti47 wrote:
If you're a web developer (like me) facing this issue with your web site, I found a possible way to workaround it. The concept is basically to re-create a new session cookie, duplicating the data that was already stored in the previous session cookie.

If you're in PHP, this is what I'm talking about (I'm sure other languages have similar functions): http://php.net/manual/en/function.session-regenerate-id.php

By calling this every now and then (for my app, once every 50 calls -- you'll have to balance accordingly to your app), Safari ends up always having a recent session ID cookie instead of any old one -- and from my tests over here that stops it from losing the data.

This won't work, at least not unless you do it every call. The cause of the problem is that safari spuriously not sending the session cookie on a request. Thus unless (and maybe even if) you send a new session cookie on every request, then when safari "fails" you will lose you session.

Alan Pinstein wrote:

barbutti47 wrote:
If you're a web developer (like me) facing this issue with your web site, I found a possible way to workaround it. The concept is basically to re-create a new session cookie, duplicating the data that was already stored in the previous session cookie.

If you're in PHP, this is what I'm talking about (I'm sure other languages have similar functions): http://php.net/manual/en/function.session-regenerate-id.php

By calling this every now and then (for my app, once every 50 calls -- you'll have to balance accordingly to your app), Safari ends up always having a recent session ID cookie instead of any old one -- and from my tests over here that stops it from losing the data.

This won't work, at least not unless you do it every call. The cause of the problem is that safari spuriously not sending the session cookie on a request. Thus unless (and maybe even if) you send a new session cookie on every request, then when safari "fails" you will lose you session.

From our tests, it works. We were also getting logged out all the time, now we're 2 straight days connected. So it's an idea if developers are looking at this thread trying to figure out what's happening.

Safari doesn't send the session ID at a certain calls because it expires the cookie earlier than it should. Regenerating it every now and then, fixes this expiration problem by keeping the cookie fresher.

Again, it worked from our tests and in our webapp. Could be useful for other developers.

From our tests, it works. We were also getting logged out all the time, now we're 2 straight days connected. So it's an idea if developers are looking at this thread trying to figure out what's happening.

Safari doesn't send the session ID at a certain calls because it expires the cookie earlier than it should. Regenerating it every now and then, fixes this expiration problem by keeping the cookie fresher.

Again, it worked from our tests and in our webapp. Could be useful for other developers.

Interesting. That wouldn't work from what I've seen. Sometimes I log in, the "you are logged in" page shows, and the next request doesn't send the cookie.

Thus unless you did it every time, I'd think that the above flow would still log you out.

Alan: do the session cookies actually disappear from the Cookie dialog in Safari's prefs?

NP Complete wrote:
Alan: do the session cookies actually disappear from the Cookie dialog in Safari's prefs?

Yes.

I have actually just taken the time to reproduce the bug again with the safari "cookies" window open. I recorded a screencast as well that clearly demonstrates the session cookie disappearing.

Also I should point out that it seems to kill all my session cookies when this happens, not just the domain in question. Very strange.

I'd rather not share the screencast publicly. Please email me and I will make it available to you.

Regards,
Alan

Thanks Alan, your info has been most helpful. I don't think I'll need to look at your screenshot after all.

I think I've got a working theory on the issue now.