Session cookie not created in Safari

[phillipkoebbe]

Server OS: Ubuntu 7.10, Linux 2.6.16.29-xen #1 SMP x86_64 GNU/Linux (SliceHost)
LiteSpeed 3.3.11 Standard
RubyGems 1.1.1
ruby-lsapi 3.2
Rails 1.2.6 and 2.0.2

Client OS: Mac OS X Leopard 10.5.2
Safari 3.1.1 (5525.18)
Firefox 2.0.0.14

I created two simple Rails applications (in the versions noted above) to test this situation. Each was configured to use the active_record_store for sessions, so all that will be written to cookies is the session id. On the Ubuntu server where LiteSpeed is running, the cookie was not created in Safari but it was in Firefox. This was true for both Rails 1.2.6 and 2.0.2. To determine if it is a problem with Safari, I replicated the test on my local development computer (the client noted above), where I use Mongrel 1.1.4. The cookies were created in Safari correctly. I see nothing in the error.log or stderr.log that appears related to this problem.

I created the virtual hosts based on the Rails template, then instantiated them and set the environment to development.

Let me know if you need any more information.

 

[mistwang]

Phillip,

I think maybe Safari is more picky with "Set-Cookie" response header. LiteSpeed will treat the same request exactly the same no matter which browser send the request, unless the browser send something special.

To debug and verify this problem, please try something like tcpdump to capture the contnent of both HTTP request and response, and compare that from Safari and Firefox.

Please use command like

tcpdump -s0 -X -i eth0 port 80

to get the full packet dump.

 

[phillipkoebbe]

Hi mistwang,

Thanks for the help. I looked at the packets I sent and received in Safari and Firefox against both LiteSpeed and Mongrel. What I received from LiteSpeed was the same in Safari and Firefox, just as you explained. When I compared the receipt packets of LiteSpeed with those of Mongrel, I noticed one little difference: Mongrel sent back

Status:.200.OK

whereas LiteSpeed sent

HTTP/1.1.200.OK

I'm wondering if Safari is looking for Status only and Firefox will take either. I have no way of knowing that off the top of my head. I'm also wondering what other web servers do. I will set up a quick test with Apache and see what I see. I do find it odd, though, since I have lots and lots of other cookies in Safari.

I hope this is not a burden to you, but I tarred up the dumps and sent them to you, just in case you wanted to see them.

Thanks again for your help.

 

[phillipkoebbe]

I just did a test with Apache and PHP (setting the PHPSESSION cookie), and it worked, but Apache did not use Status:.200.OK either.

Now I'm really confused. Cookies do work in Safari, at least from Mongrel and Apache (and whatever other servers I've visited). The packet you sent back (that sets the cookie) works in Firefox but not Safari.

If you really think it's a bug in Safari, I'll take it to Apple. I certainly won't get my hopes up for it to get fixed any time soon. In the interim, though, I'll have to leave LiteSpeed as Safari is my primary browser and I can't not have cookies. That's sad. I like LiteSpeed.

 

[mistwang]

Maybe just that safari is more picky on cookies, make sure the that domain used in the cookie matches the domain name in the request URL.
Only "Set-Cookie" response header is important in this regard.

 

[phillipkoebbe]

SOLVED: Session cookie not created in Safari Reply to Thread

Hi mistwang,

I discovered the problem. There appears to be a bug in Safari such that it will not write cookies if the host has underscores in it. My test was originally with

cookie_test_202.livingdoor.net

which did not work. I changed it to

cookietest202.livingdoor.net

in LiteSpeed, and it wrote the cookie just fine. I'll be submitting a bug report to Apple.

Thanks for your patience!

 

[mistwang]

No problem. thank you for sharing your finding with us.

 

[phillipkoebbe]

It appears that Safari's behavior is actually following the standard and Firefox is being deviant. According to posters over at ruby-forum, RFC 1035 Domain Implementation and Specification states that underscores should not be used in host names.

I wanted to pass that along in the spirit of clarity.