Regarding Safari cookie size problem (RFC 2109)

Latest Safari versions do not comply with RFC 2109 regarding cookie size.
RFC 2109 6.3  Implementation Limits

   Practical user agent implementations have limits on the number and
   size of cookies that they can store.  In general, user agents' cookie
   support should have no fixed limits.  They should strive to store as
   many frequently-used cookies as possible.  Furthermore, general-use
   user agents should provide each of the following minimum capabilities
   individually, although not necessarily simultaneously:

      * at least 300 cookies
      * at least 4096 bytes per cookie (as measured by the size of the
        characters that comprise the cookie non-terminal in the syntax
        description of the Set-Cookie header)
      * at least 20 cookies per unique host or domain name

   User agents created for specific purposes or for limited-capacity
   devices should provide at least 20 cookies of 4096 bytes, to ensure
   that the user can interact with a session-based origin server.

Latest Safari violates this RFC and has a 4 KB limit on the total size of all cookies for each domain.
It causes severe problems with many Web Applications, including Web Applications which use Microsoft SAML2 federated security.
Safari must support up to 20 cookies per domain and each cookie must be at least 4096 bytes long.
Where can I get a fix for Safari?
This was tested with Safari for MS Windows, but people reported the same problem for many other platforms.

You can provide feedback to Apple here >  Apple - Safari - Feedback

Similar Messages

  • IPad Safari Cookie size limits?

    We're using an application called Tableau (business intelligence) with Active Directory Federation Service v.3 (ADFS 3, Windows 2012 R2) for single sign on. Using Fiddler on a browser, it appears that when logging on to ADFS after having been redirected from Tableau, 7KB of cookies are set and then recalled by the ADFS server.
    When attempting the same functionality from the iPad, the ADFS server errors out and the error event on the server has the following text in it:
    MSIS7046: The SAML protocol parameter 'RelayState' was not found or not valid. If the context was stored in cookies, the cookies that were presented by the client were not valid. Ensure that the client browser is configured to accept cookies from this website and retry this request.
    I have the Safari settings to allow all cookies.
    iOS : 8.3
    I found some old blog postings on this about Safari limiting total cookies per domain to 4KB. Is this limit still in play? Is this a violation of RFC?
    Thanks.
    Doug

    I've done a little more digging. I was able to hook up an iPad to Fiddler and observe that the Safari browser does not send back all of the cookies that are sent to it. In Safari, 4 cookies come down as part of the initial ADFS form display to logon named MSISSSamlRequest, MSISSSamlRequest1, MSISSSamlRequest2, MSISSSamlRequest3.
    The 4 go up as part of the Post with the username and password.
    And one additional new one is sent down as the reply from the Post, MSISAuth.
    But in going to the next page after the Post, a Get request to /adfs/ls/, only these cookies get sent to the server:
    MSISAuth
    MSISSSamlRequest
    MSISSSamlRequest1
    MSISSSamlRequest2
    The browser does not send MSISSSamlRequest3.
    Interestingly, I tried it with Chrome on the browser as well and the cookie that does not get sent back is MSISAuth, which leads to the initial logon form being re-displayed as if you first came to the page.
    One other thing: I see that the Tableau application is using a form Post for the initiation of the authentication redirect and not a ws-federation redirect with query strings. I checked on Office 365 and that is configured for query string redirection which results in setting of cookies after the very last step and seem to only be there in case the user gets back to that same authenticate page for some other application and it won't re-prompt within a certain time period.
    What is happening to the cookies on the iPad? How can I see the individual cookies that are stored on the device?
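Added example (not part of the original posts): a Python sketch of the comparison done by hand in Fiddler above, listing which cookies set by the server are absent from the next request and how the stored sizes compare with the RFC 2109 per-cookie minimum and the per-domain total reported in this thread. The cookie names come from the post; the values, attributes and the 4096-byte per-domain budget are constructed assumptions, not documented browser limits.

```python
"""Audit captured Set-Cookie headers against the Cookie header of the next request."""

RFC2109_PER_COOKIE_MIN = 4096     # RFC 2109 section 6.3: at least 4096 bytes per cookie
REPORTED_PER_DOMAIN_TOTAL = 4096  # per-domain total reported in the thread (assumption)


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value); attributes are ignored."""
    pair = value.split(";", 1)[0]
    name, _, val = pair.partition("=")
    return name.strip(), val.strip()


def parse_cookie_header(value):
    """Return the set of cookie names present in a request Cookie header."""
    names = set()
    for part in value.split(";"):
        name = part.partition("=")[0].strip()
        if name:
            names.add(name)
    return names


def audit(set_cookie_values, next_request_cookie,
          domain_budget=REPORTED_PER_DOMAIN_TOTAL):
    """Report stored sizes, budget overrun and cookies the client did not send back."""
    jar = {}
    for header in set_cookie_values:
        name, val = parse_set_cookie(header)
        # A later Set-Cookie with the same name replaces the earlier one.
        jar[name] = len((name + "=" + val).encode("utf-8"))
    returned = parse_cookie_header(next_request_cookie)
    total = sum(jar.values())
    return {
        "sizes": jar,
        "total_bytes": total,
        "over_domain_budget": total > domain_budget,
        "oversized": sorted(n for n, s in jar.items() if s > RFC2109_PER_COOKIE_MIN),
        "missing": sorted(set(jar) - returned),
    }


# Constructed sample: names as in the post, filler values, made-up attributes.
ATTRS = "; path=/adfs/ls; secure; HttpOnly"
SAMPLE_SET_COOKIE = [
    "MSISSSamlRequest=" + "A" * 1500 + ATTRS,
    "MSISSSamlRequest1=" + "B" * 1500 + ATTRS,
    "MSISSSamlRequest2=" + "C" * 1500 + ATTRS,
    "MSISSSamlRequest3=" + "D" * 1500 + ATTRS,
    "MSISAuth=" + "E" * 1000 + ATTRS,
]
# Constructed Cookie header of the following GET, matching what the post observed.
SAMPLE_NEXT_COOKIE = "; ".join(
    name + "=x"
    for name in ("MSISAuth", "MSISSSamlRequest", "MSISSSamlRequest1", "MSISSSamlRequest2")
)

if __name__ == "__main__":
    report = audit(SAMPLE_SET_COOKIE, SAMPLE_NEXT_COOKIE)
    for name, size in report["sizes"].items():
        print(f"{name:20s} {size:5d} bytes")
    print("total:", report["total_bytes"], "over budget:", report["over_domain_budget"])
    print("not sent back:", report["missing"])
```

No single cookie in the sample exceeds 4096 bytes, so a missing cookie here points at a per-domain total rather than a per-cookie limit.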

  • Cookie.setPath Inconsistent with RFC 2109

    My reading indicates that Java EE imposes an additional restriction beyond that in RFC 2109 on setting Cookies. That does not make policy sense. Am I interpreting the specification correctly? If so, should the Java EE part be changed?
    From Java EE 5 documentation for Cookie.setPath(.)
        public void setPath(String uri)
        Specifies a path for the cookie to which the client should return the cookie.
        The cookie is visible to all the pages in the directory you specify, and all the pages in that directory's subdirectories. A cookie's path must include the servlet that set the cookie, for example, /catalog, which makes the cookie visible to all directories on the server under /catalog.
        Consult RFC 2109 (available on the Internet) for more information on setting path names for cookies.
    From RFC 2109: http://www.ietf.org/rfc/rfc2109.txt
        4.3.2 Rejecting Cookies
        To prevent possible security or privacy violations, a user agent
        rejects a cookie (shall not store its information) if any of the
        following is true:
        * The value for the Path attribute is not a prefix of the request-URI.
        * The value for the Domain attribute contains no embedded dots or
          does not start with a dot.
        * The value for the request-host does not domain-match the Domain
          attribute.
        * The request-host is a FQDN (not IP address) and has the form HD,
          where D is the value of the Domain attribute, and H is a string
          that contains one or more dots.


  • [svn:bz-trunk] 8308: Bug: BLZ-311 - non-RFC 2109 compliant Cookies are ignored due to default HTTPClient CookiePolicy

    Revision: 8308
    Author:   [email protected]
    Date:     2009-06-26 08:26:58 -0700 (Fri, 26 Jun 2009)
    Log Message:
    Bug: BLZ-311 - non-RFC 2109 compliant Cookies are ignored due to default HTTPClient CookiePolicy
    QA: Yes
    Doc: No
    Checkintests: Pass
    Details: Added a cookie-policy configuration parameter to control the policy used by the HTTPClient in proxy service.
    Ticket Links:
        http://bugs.adobe.com/jira/browse/BLZ-311
    Modified Paths:
        blazeds/trunk/modules/proxy/src/flex/messaging/services/http/HTTPConnectionManagerSettings.java
        blazeds/trunk/modules/proxy/src/flex/messaging/services/http/HTTPProxyAdapter.java
        blazeds/trunk/resources/config/proxy-config.xml

  • Safari cookie problem 10.5.6

    Safari cookies reset after reboot (10.5.6)
    Hello my friends, on my Macbook (aluminium 2.4GHz) I have a big problem with Safari.
    Every time I reboot the machine, I lose all the cookies, and so all the login information of all the websites. Every time I reboot I must spend minutes and minutes logging in to all the websites. It is really frustrating.
    I have double checked all the settings, I have cleaned history, cache and all... I have checked the Disk permissions... but the bug still remains.
    Now I have really no idea what I can do! I am downloading Firefox, because I really can't use Safari and spend so much time logging in every time I reboot.

    To me it is not after every Reboot but every couple minutes (!!) while the browser is running! Basically while I am on a site and e.g. writing a forum post or whatnot, somehow Safari loses the relevant cookie data and I am no longer logged in authenticated. Happens with every site that relies on cookies.
    Filed a Webkit Bug (https://bugs.webkit.org/show_bug.cgi?id=23381), but they closed it pointing towards the CFNetwork framework.
    Moreover, googling around reveals that we're not alone and that it HAS something to do with the latest 10.5.6 safari update... :-/
    Meh

  • Sticking Safari cookies but they are not there in Web Inspector

    Hi,
    Now I’ve got the Safari 5.1.10 update (OS X 10.6.8) and still have the same problem as with several versions before, I think it’s even worse now:
    When surfing I’m used to “Safari / Reset Safari…” (with all options set to delete but website icons) to start from scratch from time to time.
    This will delete cookies and local cache, too, although it’s not clearly mentioned (?).
    My start page is google.co.uk and checking with the “Privacy” tab I usually see three items from Google.
    I think that would be OK.
    But:
    a) Sometimes there are still cookies / cache from sites that I have visited before,
    and
    b) Sometimes even after Privacy / “Remove All”
    (Cookies.plist is empty and Safari/LocalStorage folder is deleted now)
    and another Safari “Reset” some will return (e.g wikipedia.org, Local Storage, but also cookies from news or amazon or local storage use by apple.com).
    When I check using the Web Inspector / Resources there are no such elements to find, only from Google - but the “Preferences / Privacy” tab seems to know about them and they are back in Cookies.plist and Safari / LocalStorage ???
    c) Sometimes (I know, that’s bad), even when I reset + close Safari, open an other application, start Safari again - bang, several items (often more than before) are listed there but only Google is to be seen in the Web Inspector (screenshot 1).
    d) After closing the Web Inspector and “Remove All” I start the Web Inspector again, just to see e.g. a “cookie folder” from Google but it’s stating “This site has no cookies” (screenshot 2), and there are none in Safari. How would the Web Inspector know about google cookies (or local storage), only to show an empty “folder”?
    I really love Safari, I’d simply like to “flush” it from time to time when surfing.
    1) Is it my misunderstanding of Safari cookies / cache? Or the Web Inspector’s display?
    2) Why only “sometimes” (this point is most annoying)?
    3) How could I dig deeper (but I’m not a techie ! ), or
    4) Is this a known bug since years (Safari and / or Web Inspector), I didn’t find a similar topic here in the forums?
    Thank you for reading this lengthy and probably confusing stuff,
    Sancho

    @Carolyn:
    Yes, I did search before but restricted it to the past month, because I had the feeling that it’s worse now since the update to 5.1.10, but I may be wrong.
    It seems this is an old and unsolved common problem.
    @andy:
    “Top Sites” is hot, but I’ve never used that funny dots without any mouse-over text.
    After deleting (before starting Safari)  it’s restored by a default TopSites.plist, it seems these cookies
    - are only reloaded when viewing the Top Sites (?)
    - are not among my reappearing cookies, I have never seen such a cookie / cache on my system before (e.g. expedia, orbitz, monster, usatoday, disney, craigslist).
    And Top Sites would not explain why the Web Inspector has different infos regarding use of cookies and local storage than Safari’s “Privacy” tab.
    After playing with deleting TopSites.plist, without surfing, suddenly I have ”121 cookies or other data” at Safari’s Privacy tab, nearly all are listed as “Cache” or “Cache, Cookies” but the Web Inspector doesn’t show any of them, only my google.co.uk items.
    ---> Thanks, I’ll send a feedback to Apple.

  • HP 8750 Paper-Size Problem where it keeps telling me the paper is too big (it's set up for 11x17)

    I've got an HP 8750 printer running with a Windows 7 Ultimate machine, and I've got a paper-size problem where it keeps telling me the paper is too big. It's set up for 11 x 17. 
    The actual wording on the printer is: 
    Paper installed is larger than needed. Press cancel to replace with correct size, if you wish to save paper, or press check mark to continue. 
    When you press the check mark it feeds the paper, but for a multi page-document I have to press the check mark for each page to feed.
    How do I get it to print 11 x 17 paper without having to press the check mark for each page?

    guigs2 said:
        NoScript stops cookies, please disable this addon/extension as well as make sure that the language en-us is installed.
        1) Open up the Firefox Preferences tab. You can do this by typing about:preferences in the URL bar.
        2) Click "Content"
        3) Next to "Languages", click "Choose"
        4) Select "English/United States [en-us]", click "Add"
        5) re-open "about:accounts"
        6) Click "Get Started"
    Thank you for replying. Unfortunately, I already did all of these things. As you can see from the below screenshot, the language is already set. Also, this screenshot was taken in Safe Mode, so NoScript is not enabled. About:accounts still says I need to enable cookies for some reason. So, this solution didn't work....

  • Why does Safari have a problem loading images on some websites?

    Safari has a problem loading pages properly or images on certain websites. Apple.com is one of the websites. On my way in here this time it didn't load any images on the front page. I emptied my cache and reloaded the page but that didn't help. Clicked on a broken image that took me to the proper page but without any images. Clicked on a different broken image on the page and the images load no problem. Click back to the home page, images load problem. Clicked on in to support forums and posted this topic.
    Any ideas... it has done this for a while. Everything is enabled in web content (preferences). Always accept cookies is selected.
    Thanks

    Hi all,
    I occasionally see messages telling me that my software won't let me see the HTML version of an email, but it's there on the page when I open it. This happens mostly with emails from Apple, but have also had a similar message from a few of the photography mags that I subscribe to.
    For my part, I just ignore it. It won't go away, but I just don't let it bother me.

  • Safari cookies are not turned off when blocked

    I delete all Safari cookies and then set preference to ALWAYS BLOCK, but when I later check there are new cookies.  Why?

    This has been the case  for sometime.
    I do not know whether  there is any solution for this problem.
    Best.

  • My mobile form of my homepage have some size problems!

    Hello! The mobile form of my homepage has some size problems. All pages get the right size except one. It only covers half of the page. What is wrong?

    Hello,
    Can you please share the URL of the page with us so that we can get a better idea of the issue?
    Usually this happens when any object is placed outside the browser area in Phone layout.
    Regards
    Vivek

  • Safari page load problems and 10.5.3

    Since I have upgraded to 10.5.3, I am experiencing Safari page load problems on all my user accounts on my 2.0 GHz Core Duo Black MacBook. I have reviewed threads in this forum and that of the Safari forum with no solution that solves the problem. so I post here in hopes of additional expert solution ideas.
    *The Problem:* Since upgrading to 10.5.3 Safari fails to complete page downloads for some, but not all websites. When these same websites are accessed with Firefox there is no problem. With Safari the page load will stop at about 75% completion, or the page will not load at all.
    Here is an example of a webpage that will not complete: http://www.realclearpolitics.com/
    Here is an example of a webpage that will not load at all: http://cherylsguitar.com/site (my wife's business)
    I also have a G4 iMac running 10.4.11 on the same WiFi network that does NOT experience the Safari page load problems. All is good and speedy on this trusty machine.
    *Solutions Attempted:*
    - Deleted plist (with no effect)
    - Re-installed Safari from Leopard disk (with no effect)
    - Scoured User Preferences in Library for offending applications, plug-ins, etc.
    - Reset PRAM
    - Reset and examined cable modem and router (AirPort Extreme 802.11g)
    *Hardware and Network info:*
    - 2.0 GHz Core Duo Black MacBook
    - 2 GB Ram
    - AirPort Extreme Base Station (generation 1) running 802.11g

    Allan Eckert wrote:
    Hi Perry Lehman;
    Have you cleared out your cookies?
    Allan
    Allan,
    Yes. I have reset Safari clearing all but website icons with no effect. I also tried turning off the Safari pop-up blocker with some very limited success. Disabling pop-up blocker will marginally help page load speed for some websites, but others still fail to load at all.
    Thanks for taking time to post.

  • Regarding Safari; (screen goes crazy when I press the Top Sites bottom)

    Regarding Safari; when I open Safari everything works fine, but when I press the top sites bottom, the screen goes crazy for a second and then goes to the top sites. It is not fading or dimming from one screen to the other like it used to do. Any suggestions? Thanks

    Nope, it isn't normal, but I don't know the cause. You might have better luck posting in the Safari forum:
    https://discussions.apple.com/community/mac_os/safari

  • Is it possible to extract data from a Safari cookie?

    Hello,
    I need to recover a FedEx tracking number that I entered in Safari, and I'm hoping that perchance it was stored somehow in a cookie when I entered the number. It appears that I have a few cookies from FedEx in the list of cookie files on my computer, but I have no idea how to extract anything potentially useful from these files.
    After looking up the package on FedEx.com once, I lost the tracking number. I was shipping most of my clothes and some important books from California to Italy (where I'm working for the summer). Now the package hasn't arrived, and nobody at FedEx in either country will lift a finger without the tracking number. This attempt to recover it from Safari is the absolute last thing I can think of to get the magic number back.
    Any advice is appreciated. Thanks very much,
    Adrian

    Hi Adrian
    For Safari, cookie information is stored in your User Library>Cookies folder. The file is cookies.plist. You can open this file with TextEdit. First open Text Edit in your Applications folder. Then file menu>open and navigate to the file.
    When open, Apple Key + F key to open the "find" feature. Type in FedEx, select find by clicking on the button rather than pressing return so the find panel does not disappear. Continue to select "find" until you've gone through the entire search. Don't know if a specific cookie (there will be several for FedEx) contains the tracking number, however, I guess you'll soon find out.
    Good Luck

  • Firefox was working on my new iMac but then, after switching on recently, won't connect to the web – whereas Safari has no problem.

    Hi
    I bought an iMac a week ago and installed Firefox via Safari. It worked fine for a while but, after recently switching on, it won't connect to the web whereas Safari has no problems.
    I've tried following the Firefox Help, looking into the iMac firewall, but still no luck.
    I've no idea whether related or not but yesterday I had a system glitch where the iMac stated no wi-fi was installed and only connected via a physical lead to my house router. Also, there was no sound output via Safari. However, after booting up today all seems well – apart from Firefox still not working. It loads the start page but can't access the web.
    I have Little Snitch running, and wonder if that's the culprit... but it's working fine with Safari, seemingly.
    (Finally, how do I stop a dialogue box appearing on start-up saying that "To open “X” you need a Java runtime. Would you like to install one now?)
    Any ideas anyone?
    Cheers
    Rob / Sheffield / UK

    On the wireless networks that your Mac has had trouble connecting to, do you know which Wireless Security type (WEP, WPA, or WPA2) is being used?
    If it is WEP, one of the problems is that the actual standard relies on a 10 character HEX key for 40bit WEP and a 26 character HEX key for 128bit WEP. In order to make things easier, vendors use certain algorithms to convert simple alphanumeric passwords (or passphrases) into HEX keys, thus enabling the use of a simple, easy to remember WEP password rather than lengthy HEX keys. The problem is that different vendors use different algorithms to generate the HEX key and therefore an ASCII password on an AEBS will be hashed differently on a non-Apple client and vice versa. You may find the following Apple Support article helpful.

  • 3 year old iMac 24 running OS 10.7.4.  After it has been on for a day or so, it stops going to sleep and becomes very slow.  This only happens when Safari is running. Quitting Safari solves the problem.  Has anyone else had the same problem?

    3 year old iMac 24 running OS 10.7.4.  After it has been on for a day or so, it stops going to sleep and becomes very slow.  This only happens when Safari is running. Quitting Safari solves the problem.  Has anyone else had the same problem?  Does not happen on MacBook Pro, only on iMac.

    Hello Albert, see how many of these you can answer...
    See if the Disk is issuing any S.M.A.R.T errors in Disk Utility...
    http://support.apple.com/kb/PH7029
    Open Activity Monitor in Applications>Utilities, select All Processes & sort on CPU%, any indications there?
    How much RAM & free space do you have also, click on the Memory & Disk Usage Tabs.
    Open Console in Utilities & see if there are any clues or repeating messages when this happens.
    In the Memory tab, are there a lot of Pageouts?
