147852 Views, 242 Replies. Latest reply: Jan 6, 2015 5:41 AM by I'AmMe
The problem is not this forum. It's Safari 4.0.5, it's logging people out on every website prematurely, like in the middle of completing a stock purchase etc.
Here is what seems to be going on. Safari is deleting cookies whenever it clears temporary cache data. And by default, it's setting the temp data size to 5 Mb (Safari -> Preference -> Security dialog).
Work-around: set the "Database Storage" size in the above preference to a bigger size you're comfortable with. Safari will start corrupting cookies when that size is reached. To avoid that, regularly Empty Cache, and Clear History to keep data under that size.
It appears to be a problem with how Safari is reading cookies now. I found more information here:
Justin Couto wrote:
Last week one of our clients that is on Community Server 2008.5 suddenly started getting lots of
complaints of people getting auto logged out of their site while running Safari. All of the people
complaining had just updated their Macs and immediately began experiencing this problem.
Other Mac users on the site that didn't install the update had no issues. As more and more
people got the update the problem became bigger and bigger. Since this community has a
significant Mac user base, they wanted us to look into the problem.
The first thing we did was try to replicate it on our end in a default installation of CS 2008.5 and
we were able to do so. Next, we tried to replicate it on Telligent Community 5.5 and we were able
to do so. This issue is happening on Mac, Windows Safari version 4.0.5, iPhone with latest
updates, and on the iPad.
The next thing we did was look at the cookies getting moved across the wire with Fiddler. What
we found is that on the latest version of Safari the cookies were not looking the same as they do
in every other browser. After lots of tests, we determined that Safari is breaking while parsing the
comma which we think is messing up the cookie collection.
We realize that the cookie mentioned above doesn't have anything to do with authentication, but
we think it is causing issues with Safari's ability to pass the rest of the cookies.
Since our client was on Community Server 2008.5 and we have the source, we changed the format
of the Date/Time to not include commas. We then recompiled and deployed the patch. This fixed
all the issues the client was having and we could no longer replicate it on our end.
Hopefully this will provide a clearer picture of the issue.
Here is an example of the cookie string not looking right in Safari:
Cookie: .CommunityServer=C2D5064C6D68B71BCE016329FEE1C91C4061B8F42C8EED2FDA45F4B198E829 70C5BAD0C63A14539F9632CC77E10F67BF2C5032E9FEF54D198EB80C7BE0D03A65438EE9B6DDF06A 38AB0298D3060369E3; 01 Jan 1999 00:00:00 GMT&mra=Wed; AuthorizationCookie=685994d5-72b3-4b78-8d81-44b086cec850; CommunityServer-AutoLoginCookie=True; CommunityServer-LastVisitUpdated-2100=; CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2100=lv=Fri; CommunityServer-UserCookie2101=lv=Fri&mra=Wed
Here is an example of the cookie string looking right in Chrome:
Cookie: CommunityServer-AutoLoginCookie=True; CommunityServer-UserCookie2104=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Mon, 29 Mar 2010 15:44:40 GMT; CommunityServer-UserCookie2103=lv=Mon, 29 Mar 2010 15:45:33 GMT&mra=Thu, 08 Apr 2010 22:36:27 GMT; CommunityServer-UserCookie2101=lv=Mon, 29 Mar 2010 15:45:42 GMT&mra=Thu, 08 Apr 2010 22:36:32 GMT; .CommunityServer=F4AC55CC2A9D7A2178C064D7AC65107EE5BACA41D6AFEBA00CC27B57721EFB AD0A57A6D79F68ED8CBE86D354545F523F90C838B6FB1E44D59BE8EB14E9CB4A79EEAD986A242D57 0557B21225F8B6A05C; .CSRoles=; CommunityServer-LastVisitUpdated-2100=; AuthorizationCookie=685994d5-72b3-4b78-8d81-44b086cec850; CommunityServer-UserCookie2100=lv=Sat, 10 Apr 2010 00:33:52 GMT&mra=Wed, 14 Apr 2010 22:49:25 GMT
You will notice in the above example that the Safari cookie string cuts off the dates after the
comma and I think what is happening is that depending upon which order the cookies come
across the wire and are parsed by the browser they sometimes blow up the authentication cookie.
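Added example, not part of the posts above and not Safari's or Community Server's code: a simplified model of the failure Justin Couto describes, plus a check a site owner can run over captured Cookie headers. The comma-splitting parser is an assumed stand-in for a parser that breaks on the comma, the ISO 8601 timestamp is one possible comma-free format (the post does not say which format the patch used), and the sample header is shortened from the Chrome capture above.

```javascript
// RFC 6265 cookie-octet: printable ASCII except space, DQUOTE, comma,
// semicolon and backslash. Values outside this set are parser-dependent.
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

// Split a Cookie header into [name, value] pairs on the given separator.
function parseCookies(header, separator) {
  const pairs = [];
  for (const part of header.split(separator)) {
    const piece = part.trim();
    if (!piece) continue;
    const eq = piece.indexOf('=');
    pairs.push(eq < 0 ? ['', piece] : [piece.slice(0, eq), piece.slice(eq + 1)]);
  }
  return pairs;
}

// Parser that separates cookies on ';' only.
const strictParse = (header) => parseCookies(header, /;/);
// Assumed model of a parser that also treats ',' as a separator.
const commaSplittingParse = (header) => parseCookies(header, /[;,]/);

// Names of cookies whose values contain octets outside cookie-octet.
function unsafeCookies(header) {
  return strictParse(header)
    .filter(([, value]) => !COOKIE_OCTETS.test(value))
    .map(([name]) => name);
}

// Hypothetical replacement for the lv/mra value using comma-free timestamps.
function userCookieValue(lastVisit, mostRecentActivity) {
  return `lv=${lastVisit.toISOString()}&mra=${mostRecentActivity.toISOString()}`;
}

// Shortened from the Chrome capture quoted above.
const SAMPLE = 'CommunityServer-AutoLoginCookie=True; ' +
  'CommunityServer-UserCookie2104=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Mon, 29 Mar 2010 15:44:40 GMT; ' +
  'AuthorizationCookie=685994d5-72b3-4b78-8d81-44b086cec850';

// Same cookies with the date format changed to one without commas.
const FIXED = 'CommunityServer-AutoLoginCookie=True; CommunityServer-UserCookie2104=' +
  userCookieValue(new Date(Date.UTC(1999, 0, 1)), new Date(Date.UTC(2010, 2, 29, 15, 44, 40))) +
  '; AuthorizationCookie=685994d5-72b3-4b78-8d81-44b086cec850';

console.log(unsafeCookies(SAMPLE), commaSplittingParse(SAMPLE));
console.log(unsafeCookies(FIXED), commaSplittingParse(FIXED));
```

With the original date format the comma-splitting parser yields `lv=Fri` and a stray pair ending in `mra=Mon`, the same shape as the Safari capture; with the comma-free format both parsers return identical cookies.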