Set-Cookie sent with NTLM type 2 response is ignored
| Originator: | rkogelheide | ||
| Number: | rdar://16100169 | Date Originated: | 18-Feb-2014 |
| Status: | Open | Resolved: | |
| Product: | Safari | Product Version: | OSX 7.0.1 |
| Classification: | Other | Reproducible: | Always |
Summary: A Set-Cookie sent with an NTLM type 2 response is ignored. The old version of the cookie is sent in subsequent requests instead. Set-Cookies with other (non-NTLM-type-2) 401 responses are not ignored. Steps to Reproduce: Reproduction requires a server doing NTLM auth and re-issuing cookies with each request. Expected Results: As per RFC 6265 s. 3 and in other browsers (Firefox and Chrome). Actual Results: The HTTP cookie set with an NTML type 2 response is never sent in subsequent requests by the browser. Version: Version 7.0.1 (9537.73.11) on OS X 10.9.1
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!