Closed Bug 1519694 Opened 6 years ago Closed 6 years ago

The cookie is sent in other tab in spite of the “SameSite=Strict” setting.

Categories

(Firefox :: Untriaged, defect)

64 Branch
defect
Not set
normal


RESOLVED WORKSFORME

People

(Reporter: ultimatesecpro, Unassigned)

Details

Attachments

(1 file)

Attached image StrictCookie.jpg

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0

Steps to reproduce:

I have used a Private window in version 64.0 (64-bit) of Firefox Quantum.

I have logged in to my application and the cookie is set with the “SameSite=Strict” attribute.
See the attached StrictCookie.jpg.

Then, I have opened a REST API to my application in another tab of the browser.

Unfortunately, the call is successful.

My expectation is that the cookies should not be sent and the request should be unauthenticated.

Actual results:

The cookie is sent in another tab in spite of the “SameSite=Strict” setting.

Expected results:

My expectation is that the cookies should not be sent and the request should be unauthenticated.

Sorry,
How can I close the bug?
It works - need to open the link from another page.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
Group: firefox-core-security
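
Why this resolves as WORKSFORME: under the SameSite rules, a request with no initiating page (a URL opened directly in a new tab) counts as same-site, so a Strict cookie is attached; it is withheld only when a page on another site initiates the request. The model below is an added example, not part of the original report or Firefox code; the hostnames, `siteOf`, `cookieIsSent`, `evaluate` and the scenario names are assumptions for illustration, and `siteOf` approximates the registrable domain with the last two host labels instead of the Public Suffix List.

```javascript
// Simplified model of the SameSite decision a browser makes per request.
// Assumption: registrable domain = last two host labels (real browsers
// consult the Public Suffix List).
function siteOf(url) {
  return new URL(url).hostname.split('.').slice(-2).join('.');
}

// initiator is null when no page triggered the request: URL typed into the
// address bar, bookmark, or opened directly in a new tab.
function isSameSite(request) {
  if (request.initiator === null) return true;
  return siteOf(request.initiator) === siteOf(request.target);
}

const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

function cookieIsSent(sameSite, request) {
  if (isSameSite(request)) return true; // every SameSite mode allows this
  switch (sameSite) {
    case 'Strict':
      return false; // never on cross-site requests
    case 'Lax':     // only cross-site top-level navigations with a safe method
      return request.topLevelNavigation && SAFE_METHODS.includes(request.method);
    case 'None':
      return true;
    default:
      throw new Error('unknown SameSite value: ' + sameSite);
  }
}

// Constructed scenarios; example.com / example.net are placeholder hosts.
const target = 'https://app.example.com/api/me';
const scenarios = {
  typedInNewTab:     { target, initiator: null, topLevelNavigation: true, method: 'GET' },
  linkFromSameSite:  { target, initiator: 'https://www.example.com/home', topLevelNavigation: true, method: 'GET' },
  linkFromOtherSite: { target, initiator: 'https://other.example.net/page', topLevelNavigation: true, method: 'GET' },
  crossSitePost:     { target, initiator: 'https://other.example.net/form', topLevelNavigation: true, method: 'POST' },
};

// Returns { scenarioName: true|false } for one SameSite mode.
function evaluate(sameSite) {
  return Object.fromEntries(
    Object.entries(scenarios).map(([name, req]) => [name, cookieIsSent(sameSite, req)])
  );
}

for (const mode of ['Strict', 'Lax', 'None']) console.log(mode, evaluate(mode));
```

To test a SameSite=Strict cookie in a real browser, follow a link to the endpoint from a page hosted on a different site instead of opening the URL directly.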