Bug 66017
| Summary: | REGRESSION (r78383): Mobile gmail authentication is broken | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Alexey Proskuryakov <ap> |
| Component: | Platform | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | CC: | abarth, adauria, ddkilzer, eae, eric |
| Priority: | P1 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 54090 | ||
| Bug Blocks: | |||
Alexey Proskuryakov
Steps to reproduce:
1. In Safari 5.1 or Chrome 13, spoof user agent string. iPad string is Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
2. Go to gmail.com
3. Enter credentials, check Remember Me.
4. Click "Sign in" button.
... you are logged in successfully.
5. Sign out.
6. Go to gmail.com again, try to log in.
Results: instead of being logged in, you are sent to another page asking for your password.
I am not sure if this is a server side or client side issue. We may fail to find some cookies internally because of using a different domain than network loader level had. Or the server may choke on a different Host header field.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
<rdar://problem/9451715>
Adam Barth
http://trac.webkit.org/changeset/78383 (to save folks the copy/paste URL forming)
Eric Seidel (no email)
Chrome and Safari have different network layers. So it would seem that if this bug reproduces when spoofing iPad in either it's likely to be a server issue.
It would be interesting to know what the behavior in FF is when spoofing as iPad.
Eric Seidel (no email)
I'm confused by step 5. Shouldn't "sign out" clear your "Remember me" cookie?
I assume you meant just to close the browser on the iPad, not click the "sign out" link?
Alexey Proskuryakov
No, the steps to reproduce are correct. In step 6, you enter the credentials again, but they don't work this time.
Alexey Proskuryakov
> It would be interesting to know what the behavior in FF is when spoofing as iPad.
That's a great question! Rendering is quite broken, but this bug doesn't occur in Firefox.
My specific (but completely unfounded) idea was that we may not show cookies set on https://mail.google.com:443 in documents with origin https://mail.google.com (without port number).
Alexey Proskuryakov
> No, the steps to reproduce are correct. In step 6, you enter the credentials again, but they don't work this time.
Also note that you need to follow the steps to reproduce exactly, and go to gmail.com, not just enter your password on a page that appear after signing out.
Emil A Eklund
Escalated to the gmail team in case it's a problem on their side.
David Kilzer (:ddkilzer)
(In reply to comment #8)
> Escalated to the gmail team in case it's a problem on their side.
Emil, is there a status update on this? It seems to be working now.
Emil A Eklund
This was confirmed to be a problem on the gmail side. It has since been resolved.