Webapps can see other apps' cookies

Description

Cookies are associated with the domain name, and all our webapps are run from the http://localhost domain. They use different ports but cookies, per design, work across different ports (with the only exception of port 443 for SSL-only cookies).

The result is that one webapp can see cookies set by another webapp for the localhost domain.
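The port-independent scoping described above can be observed without a browser. This is an added example, not part of the original report or of AGL's code: it uses Python's standard `http.cookiejar` as a stand-in for the web runtime's cookie store. The ports 8001/8002, the cookie value and the per-app hostnames `app-a.test` / `app-b.test` are constructed for illustration.

```python
"""Constructed demo: cookie scoping ignores the port (stdlib only, no network)."""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class FakeResponse:
    """Minimal response object: CookieJar only calls .info() to read headers."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(jar, url):
    """Return the Cookie header the jar would attach to a request for url."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")  # None when no cookie matches


def simulate(app_a_url, app_b_url):
    """App A sets a session cookie; report what app B's requests then carry."""
    jar = CookieJar()  # assumption: one jar shared by all webapps in the runtime
    jar.extract_cookies(FakeResponse("session=app-a-secret; Path=/"),
                        Request(app_a_url))
    # The stored cookie records a host but no port restriction.
    stored = [(c.name, c.domain, c.port) for c in jar]
    return stored, cookie_sent(jar, app_b_url)


if __name__ == "__main__":
    # Same host, different ports: app B's request carries app A's cookie.
    print(simulate("http://localhost:8001/", "http://localhost:8002/"))
    # Hypothetical distinct hostnames per app: nothing is sent to app B.
    print(simulate("http://app-a.test/", "http://app-b.test/"))
```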

Environment

None

Activity

José Dapena Paz 
June 20, 2022 at 5:14 PM

As we moved to drop the application framework, and applications are no longer served from localhost, cookies are not shared either.

jose bollo 
February 19, 2020 at 12:58 PM

Do you have an update on the status?

Jacobo Aragunde Pérez 
January 29, 2020 at 4:17 AM

Reassigning to , who's doing a QA round. This bug can be reproduced with this webapp:

 https://github.com/AGL-web-applications/webapp-samples/tree/master/cookie-test

Install it, and then modify the app id in config.xml and install again so you have it twice in your AGL system. If both webapps can see the same list of cookies, then we are still reproducing the bug.

jose bollo 
January 27, 2020 at 8:39 AM

, I'm assigning the ticket to you because I wonder if you can check its resolution more efficiently than me, and I wonder if you will find it solved!

Jacobo Aragunde Pérez 
December 16, 2019 at 8:56 AM

Let me add a pointer to the webapp I wrote to reproduce this issue, it's part of this PR: https://github.com/AGL-web-applications/webapp-samples/pull/3

Fixed

Created December 4, 2019 at 10:25 AM
Updated June 30, 2022 at 4:07 PM
Resolved June 20, 2022 at 5:14 PM