Safari extensions and Mac OS X dashboard widgets session sharing

Originator:mangaroo
Number:rdar://14408523 Date Originated:10-Jul-2013 04:19 PM
Status:Open Resolved:
Product:Safari Product Version:5.1
Classification:UI/Usability Reproducible:Always
 
10-Jul-2013 04:19 PM David Luu:
Summary: 

Session state (cookie) not shared between page document/DOM and XmlHttpRequests in Safari extensions and Mac OS X dashboard widgets

Steps to Reproduce: 

1. Build an extension/widget app that expects session that is shared by page document and XmlHttpRequests. Example test extension is my AutoSMS tool (currently in Safari extension gallery, to which the extension used to work but stopped working for some reason), as well as my Mac OS X widget, both of which also hosted here:

http://autosmsclients.googlecode.com/files/autosms.safariextz

http://code.google.com/p/autosmsclients/downloads/detail?name=autosms.wdgt.zip

For this exmaple app, sending SMS fails when providing all valid input. Because PHPSESSID cookie is not passed from document.cookie to the XmlHttpRequest POST request that sends the SMS.

Expected Results: 

session cookie should be shared between page document & XmlHttpRequest. SMS should be sent successfully for my AutoSMS app.

Actual Results: 

appears there is no session sharing and sending SMS from AutoSMS fails.

Regression: 

possibly, since it used to work when I first built the Safari 5 extension. Can't get it to work anymore.

Notes: 

posted to Safari developer forum with no help. Got some insight from stack overflow post.

http://stackoverflow.com/questions/11272418/session-state-persistence-between-web-page-content-and-xmlhttprequest-for-mac-da

https://devforums.apple.com/thread/152323?tstart=120

Comments

Sending and reading cookies not exposed

I did a little more testing today. Observed that I can set an arbitrary HTTP header with an XmlHttpRequest to send out, but can't set header named "Cookie", so can't send cookies. If there is a way, it's not so straighforward, and would have to look into Safari developer docs and more.

Also, can't even read document.cookies from a toolbar extension that has HTML content (w/ AJAX) that should have set a cookie on that document. Probably need to access this way: http://stackoverflow.com/questions/8800689/reading-browser-cookies-in-safari-extension

By mangaroo at July 20, 2013, 8:04 p.m. (reply...)

Duplicate of 9822361

But since can't find that original bug (9822361) in OpenRadar, keeping this duplicate open to reflect the status of that bug (per Apple).

By mangaroo at July 13, 2013, 4:13 a.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!