SameSite cookies missing from HTTP requests (includes reduced test-case)

[steffenweber]

There is a bug in Kiwi Browser with the handling of SameSite cookies: SameSite cookies are missing from HTTP requests sent by Kiwi. I've created a reduced test-case.

How to reproduce:

1. Open https://www.computerbase.de/kiwi-samesite-cookie-bug.php (the page sets two cookies "normal-cookie" and "samesite-cookie")
2. Reload the page (such that the cookies are sent back to the server)

What should happen: The page should display the values of both cookies.

What actually happens: The page only shows the value of "normal-cookie" but not the value of "samesite-cookie".

This works in all other browsers (Chrome, Firefox, Edge, Opera, Safari, …) except for Kiwi. I've tested in Kiwi Browser 75.0.3770.101 on a Pixel 3. Could you please have a look? :)

This issue was originally reported by one of our users because he/she is unable to login to our website using Kiwi Browser: https://www.computerbase.de/forum/threads/kiwi-browser-kein-einloggen-moeglich.1879841/

This is the source code of the test-case (requires PHP 7.3 for "samesite" support in "setcookie"):

<?php
setcookie('normal-cookie', '42');
setcookie('samesite-cookie', '42', ['samesite' => 'Lax']);
?>
<!DOCTYPE html>
<html>
<head>
	<title>Kiwi SameSite Cookie Bug</title>
</head>
<body>
<h1>Kiwi SameSite Cookie Bug</h1>
<ul>
	<li>normal-cookie: <?php echo htmlspecialchars($_COOKIE['normal-cookie'] ?? '-'); ?></li>
	<li>samesite-cookie: <?php echo htmlspecialchars($_COOKIE['samesite-cookie'] ?? '-'); ?></li>
</ul>
</body>
</html>

[IT-Gandalf]

Any Updates to this issue from the Dev Team? @kiwibrowser

[7lives83]

Problem still exists. Dev Team?
Why Kiwi cant handele sametime-cookies?

[d3ward]

Just did a test with samesitetest and seems the "LaxCookie" works .
Consider to reopen the issue if needed, i close it as it looks to be fixed with new Kiwi version and the issue it's very old