Safari keeps logging me out...

Any word when this is going to be resolved? I dont have time to redo my OS and all that. Please Apple_ I am tired of re-logging into AOL every 5 minutes 😟

Cookie handling did change in the 10.6.4 upgrade. I know for a fact that cookies are sorted differently now (i.e. not-exactly-alphabetically) in replies to websites. This is causing us problems with logins to ADFS-enabled websites. Before the 10.6.4 upgrade Safari 5.0 did just fine.

BTW, since the problematic cookie handling is in Mac OS X 10.6.4, using something like Multi-Safari doesn't help.

What exactly is "Multi-Safari"?? I keep three websites open in one window. I don't use multiple windows, if that's what you're referring to.

Anybody from Apple reading this?
7 pages deep and still not even a slight word of a fix?
This bug makes Safari near useless as a browser.

I'm having the SAME PROBLEM. The keychain crap is not an issue. I know how to use my keychains. Ever since the stupid update, I have dealt with one issue after another. Within a few hours of downloading the new version, Flash stopped working. And it forced ALL browsers to crash. I tried multiple things, but I finally fixed it when I changed the dns. Sadly, my friend (who uses the same locked router but with a Sony) has noticed that the router is constantly losing a signal now. Oh, goodie. And this logging in/logging out is so annoying. And wouldn't you know that as I start to reply to this thread, it logs me in, and then when I click on the topic again, I'm already logged out!!! Is there any REAL solution?

RedGeminiPA wrote:
What exactly is "Multi-Safari"?? I keep three websites open in one window. I don't use multiple windows, if that's what you're referring to.

Multi-Safari ( http://michelf.com/projects/multi-safari/) is a project which offers older versions of Safari, allowing you to use e.g. Safari 4.0.5 again even after having upgraded to Safari 5.0. However, since the problem is in a cookie-handling library of the OS, a Multi-Safari version experiences the same problems as Safari 5.0 😟 Or from the Multi-Safari project page: "HTTP requests and cookies however are still handled by the system and may not work exactly the same."

For some problems with Safari 5.0, it might be worth trying Multi-Safari though.

Message was edited by: BVdB

Everyone,

I seem to have fixed this on my MacBook.

I simply went to the Safari download page and reinstalled Safari 5. Before I was being logged out every minute or so. Now I don't seem to have any problems at all.

Unfortunately this isn't a working solution for me. Downloaded and installed Safari 5 a few hours ago and the problem is still apparent 😟

wow... safari keeps logging me out on numerous sites..!
i have to log in every few mins now...
is there any solution , i am gonna go try reinstall safari 5

So, any news? This is still very annoying.

rushproject: the claims on that website are true, and their cookies are in violation of RFC 2616. This is what double-quoted values are for, if a cookie value is encapsulated in double-quotes any string of characters may be used.

Re-installing Safari will have NO effect. I wouldn't waste your time doing this. Rolling back will similarly have no effect.

There are some known reasons that cookies may be lost:

1) A change in 10.6.3 that limits cookies to 4k per request coupled with the failure to throw out the oldest cookies first will allow a site to 'Denial of service' themself by setting a very large cookie. This generally looks to the web app as if cookies are not enabled (since the app can't actually set new cookies). This was resolved in 10.6.4, which now throws the oldest cookies away first when the total size of the Cookie header exceeds the 4k limit. A new possible issue here could be if the site expects the cookies to come back in the order in which they're set. Since cookie ordering isn't defined this would really be not-advisable.

2) A user's cookies for some reason can't be written to disk. This will manifest itself in a total loss of any non-session cookies (cookies that contain an expiration date or a max-age attribute). To make sure your cookies database is writable, go to ~/Library/Cookies/Cookies.plist and make sure that you've got read and write access to the file and that it's not locked. If all else fails (perhaps the plist is somehow corrupt): quit Safari, delete the ~/Libarary/Cookies/Cookies.plist file manually and restart Safari.

3) Some embedded widget on a site is requiring that 3rd party cookies be enabled. This for example can happen with Facebook widgets (where any widget may want to update your Facebook session cookie). When the widget can't update the session cookie, Facebook grabs its toys and goes home. Next time you go to Facebook, you will have to re-login. Note: this isn't Facebook's fault, it's just an incompatibility of the 3rd party cookie policy with FB's infrastructure needs.

4) There is a very rare race condition where two networking apps may stomp on each other's non-session cookies. This is very rare, but perhaps some pathological edge case is causing this to happen more often for some people. I would be interested to hear if quitting non-safari networking apps allows Safari users to stay logged in for longer periods of time.

NP Complete wrote:
rushproject: the claims on that website are true, and their cookies are in violation of RFC 2616.

Not sure about this, does it mean that the random logout problem is not the Safari problem. Just too many web sites "are in violation of some RFC", while Apple "does it just right"?

I know for sure that you can hardly find a web site having 100% compliant and error free HTML and Javascript code. But as long as the goal of web browser designers is to ensure web browsing and usability for customers rather than to enforce standards compliance by web site owners, this should not be a problem.

rushproject wrote:
Not sure about this, does it mean that the random logout problem is not the Safari problem. Just too many web sites "are in violation of some RFC", while Apple "does it just right"?

I know for sure that you can hardly find a web site having 100% compliant and error free HTML and Javascript code. But as long as the goal of web browser designers is to ensure web browsing and usability for customers rather than to enforce standards compliance by web site owners, this should not be a problem.

You're right. The goal is to ensure that web apps tested to work with one browser generally work on all browsers.

Obviously there is a tradeoff. In the case of non-compliant HTML (and cookies), there are venial sins and there are mortal sins. The 'comma-space' character in a cookie value isn't typically used, but really clashes with the established http specs.

One of the main problems is that (until recently) there hasn't been a browser-consensus on how to deal with real-world cookies. Browsers literally flip-flop behavior until this issue or that is resolved because it works in I.E. or Firefox. Luckily Adam Barth has come up with a real solution in the form of http://tools.ietf.org/html/draft-abarth-cookie-07 . So hopefully the current cookie practices of major browsers can at least be locked in stone.

In any case, I don't see any evidence to suggest that a cookie incompatibility of this sort would cookie loss. It might cause a site to fail to set cookies, but ought not cause a user to get logged out of a site she's successfully logged in to already. See my above comment for more info.