Closed Bug 1613622 Opened 4 years ago Closed 4 years ago

Cookies with SameSite=None appear as Unset in dev tools

Categories

(DevTools :: Storage Inspector, defect)

Product:
DevTools
Component:
Storage Inspector
Version:
72 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1609807

People

(Reporter: rik, Unassigned)

Details

Attachments

(1 file)

Firefox_SameSite_NetworkView.png
23.23 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0

Steps to reproduce:

Using Firefox 72.0.2 and 73.0b12 (64-bit)
I have a website that sets cookies with SameSite=None using ht developer tools I inspect the cookies to check the SameSite value

C# code (MVC with .Net Framework 4.8, running on IIS)
private void AddCookieForTest()
{
var now = DateTime.Now.ToLongTimeString();
var expiry = DateTime.Now.AddSeconds(30);

        var cookieSameSiteNone = new HttpCookie("My.SameSite.None", $"sameSite None [{now}]")
        {
            Secure = true,
            SameSite = SameSiteMode.None,
            Expires = expiry
        };

        var cookieSameSiteLax = new HttpCookie("My.SameSite.Lax", $"sameSite Lax [{now}]")
        {
            Secure = true,
            SameSite = SameSiteMode.Lax,
            Expires = expiry
        };

        var cookieSameSiteStrict = new HttpCookie("My.SameSite.Strict", $"sameSite Strict [{now}]")
        {
            Secure = true,
            SameSite = SameSiteMode.Strict,
            Expires = expiry
        };

        Response.Cookies.Add(cookieSameSiteStrict);
        Response.Cookies.Add(cookieSameSiteLax);
        Response.Cookies.Add(cookieSameSiteNone);
    }

Note I also set the following FireFox settings:
network.cookie.samesite.laxByDefault = true
network.cookie.sameSite.noneRequiresSecure = true

Actual results:

The dev tools reports the headers:
HTTP/2 303 See Other
cache-control: no-cache, no-store
pragma: no-cache
expires: -1
location: https://xxxx.oktapreview.com/app/xxxx
x-stackifyid: V1|80000028-0000-ff00-b63f-84710c7967bb|
set-cookie: ASP.NET_SessionId=io2hos14hgjy30ld3xivemyi; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: Saml2._wxttBwJzuS1cO6E8n_0vsTT=xxx; path=/; secure; HttpOnly; SameSite=None
set-cookie: My.SameSite.Strict=sameSite Strict [10:16:59]; expires=Thu, 06-Feb-2020 10:17:29 GMT; path=/; secure; HttpOnly; SameSite=Strict
set-cookie: My.SameSite.Lax=sameSite Lax [10:16:59]; expires=Thu, 06-Feb-2020 10:17:29 GMT; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: My.SameSite.None=sameSite None [10:16:59]; expires=Thu, 06-Feb-2020 10:17:29 GMT; path=/; secure; HttpOnly; SameSite=None
x-frame-options: SAMEORIGIN
x-xss-protection: 1;mode=block
date: Thu, 06 Feb 2020 10:16:59 GMT
content-length: 0
X-Firefox-Spdy: h2

But the Network Tab show the cookies with SameSite=None as being UnSet (see attached image)

Expected results:

I would expect the view of cookies to match what is in the headers

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Component: Untriaged → Storage Inspector
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: