Home > Software > How to render Safari cookieless

How to render Safari cookieless

October 5th, 2010 Leave a comment Go to comments

Today we had an issue at work, an odd issue.

OS X users using Safari wound up with a proxy issue after clicking on a button on our site, and reloading the page.

The suspect seemed simple to me - the button has to do something persistent that makes the browser behave differently the next page load - so a cookie or a session-based thing on the server side which scrambles the request. Session stuff seemed incorrect as it should show a PHP error or something, not actually make the proxy reject the request. So I came to the easy conclusion of going down the cookie route.

Sure enough, it was an onclick function which set a cookie - one that worked in every browser including Safari on Windows*, but broke on Safari on OS X. So we looked to see what the cookie was. Turns out, Safari on OS X at the moment does not like when a cookie's value ends with a comma "," - it  literally breaks cookie handling altogether. It sends some request that our proxy considers invalid and rejects, and checking without the proxy involved showed us that some cookies (if not all of them) were not being sent to the server (or at least not properly) - which included our authentication cookies. The minute we nuked this "bad" cookie, our other cookies got read properly, the proxy allowed the request, etc.

So, for those people who like to see things more direct and don't like to read a lot of fluff (me included!) here's a simple breakdown:

BREAKS: CookieName=Foo,Bar,Baz,
WORKS: CookieName=Foo,Bar,Baz

Pretty simple. Odd that it appears to be inconsistent across platforms. Anyway, have fun with that little nugget of information. If I wasn't lazy I would look into exactly where to submit a bug, somewhere in the WebKit community I assume.

* I cannot confirm that Windows did not suffer from this, a coworker provided that information.

Categories: Software
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.