Closed Bug 1556151 Opened 4 months ago Closed 2 months ago

SessionCookies.jsm does not restore the SameSite flag of session cookies


(Firefox :: Session Restore, enhancement, P3)

64 Branch



Firefox 70
Tracking Status
firefox70 --- fixed


(Reporter: robwu, Assigned: dennisschagt)


(Blocks 1 open bug)



(1 file)

SessionCookiesInternal.restore unconditionally uses SAMESITE_NONE as the sameSite flag. This is incorrect; the sameSite flag should have been saved at CookieStore.add and be restored later.

The effect of this is that after a session restore, session cookies could inadvertently be included in requests where they shouldn't have been included (when SameSite=Lax or SameSite=Strict).
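The save/restore round trip described in the report, as an added example that is not part of the bug or of the Firefox code base. It is a simplified model: the function names, the numeric constant values, the reduced SameSite rule and the sample cookie are all assumptions made for illustration.

```javascript
// Simplified model (not Firefox code). Constant names follow the bug report;
// the numeric values are assumptions of this model.
const SAMESITE_NONE = 0, SAMESITE_LAX = 1, SAMESITE_STRICT = 2;

// Save step: copy the fields of a session cookie into a session-file entry.
// keepSameSite=false models the behaviour reported in the bug.
function saveCookie(cookie, keepSameSite) {
  const entry = { host: cookie.host, name: cookie.name, value: cookie.value };
  if (keepSameSite) entry.sameSite = cookie.sameSite;
  return JSON.parse(JSON.stringify(entry)); // round-trip through JSON like a file
}

// Restore step as reported: the flag is always SAMESITE_NONE.
function restoreCookieBuggy(entry) {
  return { ...entry, sameSite: SAMESITE_NONE };
}

// Restore step with the flag read back; entries written without the field
// (older session files in this model) fall back to SAMESITE_NONE.
function restoreCookieFixed(entry) {
  const known = [SAMESITE_NONE, SAMESITE_LAX, SAMESITE_STRICT];
  const sameSite = known.includes(entry.sameSite) ? entry.sameSite : SAMESITE_NONE;
  return { ...entry, sameSite };
}

// Reduced SameSite rule: Strict is sent only on same-site requests, Lax also
// on cross-site top-level navigations (GET only in this model), None always.
function isAttached(cookie, req) {
  if (req.sameSite || cookie.sameSite === SAMESITE_NONE) return true;
  if (cookie.sameSite === SAMESITE_LAX) {
    return req.topLevelNavigation && req.method === "GET";
  }
  return false;
}

// Constructed sample data.
const original = { host: "bank.example", name: "sid", value: "abc", sameSite: SAMESITE_STRICT };
const crossSitePost = { sameSite: false, topLevelNavigation: false, method: "POST" };

function afterRestore(fixed) {
  const entry = saveCookie(original, fixed);
  const cookie = fixed ? restoreCookieFixed(entry) : restoreCookieBuggy(entry);
  return { cookie, attached: isAttached(cookie, crossSitePost) };
}

console.log("buggy:", afterRestore(false));
console.log("fixed:", afterRestore(true));
```

A regression check for this class of bug compares the sameSite value of each session cookie before saving with its value after restoring.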

The priority flag is not set for this bug.
:mikedeboer, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(mdeboer)

Sounds plausible to me, but I unfortunately don't have time to work on this right now. Please feel free to pick this up - I'd be more than happy to mentor!

Blocks: ss-feature
Type: defect → enhancement
Flags: needinfo?(mdeboer)
Priority: -- → P3

Bug 1556151 - SessionStore: Save and restore cookie.sameSite flag

I just submitted a patch and added :mikedeboer as reviewer.

:mikedeboer, could you assign this bug to me?

This is one of my first contributions to Firefox. Please let me know if there is anything I can improve on.

Flags: needinfo?(mdeboer)
Assignee: nobody → dennisschagt
Flags: needinfo?(mdeboer)

Pushed by
SessionStore: Save and restore cookie.sameSite flag r=mikedeboer

Keywords: checkin-needed
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 70

Dennis, well done for (one of) your first contribution(s) to Firefox! I'm looking forward to many more in the future!
