RESOLVED WORKSFORME 66017
REGRESSION (r78383): Mobile gmail authentication is broken 
https://bugs.webkit.org/show_bug.cgi?id=66017
Summary REGRESSION (r78383): Mobile gmail authentication is broken
Alexey Proskuryakov
Reported 2011-08-10 15:26:48 PDT
Steps to reproduce: 1. In Safari 5.1 or Chrome 13, spoof user agent string. iPad string is Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5 2. Go to gmail.com 3. Enter credentials, check Remember Me. 4. Click "Sign in" button. ... you are logged in successfully. 5. Sign out. 6. Go to gmail.com again, try to log in. Results: instead of being logged in, you are sent to another page asking for your password. I am not sure if this is a server side or client side issue. We may fail to find some cookies internally because of using a different domain than network loader level had. Or the server may choke on a different Host header field.
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-08-10 15:27:58 PDT
<rdar://problem/9451715>
Adam Barth
Comment 2 2011-08-10 15:43:01 PDT
http://trac.webkit.org/changeset/78383 (to save folks the copy/paste URL forming)
Eric Seidel (no email)
Comment 3 2011-08-11 12:56:27 PDT
Chrome and Safari have different network layers. So it would seem that if this bug reproduces when spoofing iPad in either it's likely to be a server issue. It would be interesting to know what the behavior in FF is when spoofing as iPad.
Eric Seidel (no email)
Comment 4 2011-08-11 12:57:28 PDT
I'm confused by step 5. Shouldn't "sign out" clear your "Remember me" cookie? I assume you meant just to close the browser on the iPad, not click the "sign out" link?
Alexey Proskuryakov
Comment 5 2011-08-11 13:27:54 PDT
No, the steps to reproduce are correct. In step 6, you enter the credentials again, but they don't work this time.
Alexey Proskuryakov
Comment 6 2011-08-11 13:35:56 PDT
> It would be interesting to know what the behavior in FF is when spoofing as iPad. That's a great question! Rendering is quite broken, but this bug doesn't occur in Firefox. My specific (but completely unfounded) idea was that we may not show cookies set on https://mail.google.com:443 in documents with origin https://mail.google.com (without port number).
Alexey Proskuryakov
Comment 7 2011-08-11 13:36:48 PDT
> No, the steps to reproduce are correct. In step 6, you enter the credentials again, but they don't work this time. Also note that you need to follow the steps to reproduce exactly, and go to gmail.com, not just enter your password on a page that appear after signing out.
Emil A Eklund
Comment 8 2011-08-11 13:43:03 PDT
Escalated to the gmail team in case it's a problem on their side.
David Kilzer (:ddkilzer)
Comment 9 2012-01-25 10:45:46 PST
(In reply to comment #8) > Escalated to the gmail team in case it's a problem on their side. Emil, is there a status update on this? It seems to be working now.
Emil A Eklund
Comment 10 2012-01-30 12:07:11 PST
This was confirmed to be a problem on the gmail side. It has since been resolved.
Note You need to log in before you can comment on or make changes to this bug.