#53 ✓resolved
Matt Kern

Safari and user_credentials cookie issue

Reported by Matt Kern | March 10th, 2009 @ 03:02 AM

I've been wrestling with this one for a couple days just trying to get it reproducible and I think I finally have it. It seems to affect the authlogic example app as well as my apps (which are based on that code for now, anyhow).

It seems that these steps pretty regularly reproduce the problem (though, strangely, not every time):

  1. Log in to the example app. (http://authlogicexampleapp.binar...).
  2. Log out.
  3. Wait about 10 seconds (this seems to matter, and again I don't know why yet, but it's the one thing that seems to matter most).
  4. Click on the "Login" link.

About 80% of the time you'll get redirected straight to the /account path and you'll see you're logged in at that point. If you check out the cookies for the site you'll also notice that the user_credentials cookie reappear.

If anyone wants to help test this, this seems to be a pretty significant issue. I'm especially curious to hear if this affects Safari 3 or not.

Otherwise I'll keep trying to narrow it down. Oh, and btw, this doesn't seem to be reproducible at all in firefox.

Comments and changes to this ticket

  • Matt Kern

    Matt Kern March 10th, 2009 @ 03:45 PM

    Tested in Safari 3.2.1 this morning on a completely different machine with the same results.

  • Ben Johnson

    Ben Johnson March 10th, 2009 @ 04:05 PM

    • State changed from “new” to “open”

    Thanks for letting me know about this, but this doesn't sound like an authlogic issue. Authlogic doesn't do anything with sessions or cookies you wouldn't do yourself in a controller. The rails cookie system has been very buggy lately, you aren't the first person to create an issue saying cookies aren't working correctly. The problem has always been with rails.

  • Matt Kern

    Matt Kern March 10th, 2009 @ 04:28 PM

    Well, then I guess we should fix Rails :-) This is pretty much a showstopper for me.

    Are you able to repro it on the example app as I can?

  • Ben Johnson

    Ben Johnson March 10th, 2009 @ 04:47 PM

    Well its a showstopper for anyone, but its not an authlogic issue. I use active_record store for sessions and removed the whole protect from forgery feature, since it doesn't work properly either. It's really disappointing how much they dropped the ball with the cookies system. I know rails 3 changed a lot of that.

  • Ben Johnson

    Ben Johnson March 23rd, 2009 @ 03:20 AM

    • State changed from “open” to “resolved”

    Also, yes, in safari, before I switched to active record store I had all kinds of issues with cookies. Let me know if this is still a problem for you.

  • Matt Kern

    Matt Kern March 23rd, 2009 @ 03:31 AM

    Yeah, it is. And I'm using ActiveRecord store...

  • sdasfdf

    sdasfdf September 10th, 2018 @ 01:53 PM

    Thanks for sharing.I found a lot of interesting information here. A really good post, very thankful and hopeful that you will write many more posts like this one.

  • Chelsea Jones

    Chelsea Jones December 15th, 2018 @ 01:55 AM

    Thanks for sharing.I found a lot of interesting information here.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket