The Safari Cookie Issue: Fixed

I’d left Safari for Firefox (technically Minefield) because of an incredibly frustrating little bug, which I described in an earlier post:

I’ve experienced an issue where cookies seem to get clobbered despite selecting the “keep me logged in” option, and I’ll find that I’ve been suddenly logged out of the site I was on.

A few people had recommended removing any Web Clip dashboard widgets, but I didn’t have any installed. Instead, my solution was to move to Firefox and hang out there until Apple figured things out.

Firefox on Mac OS X isn’t as bad as the kids say, really, especially if you use Minefield (the nightly build), which is quite a bit faster. But even at its best, Firefox always seems just a little bit clunkier on the Mac, even if it does render pages really quickly.

No matter though, because it seems that Security Update 2009-001 fixes the Safari cookie issue:

This update addresses a non-security regression introduced in Mac OS X 10.5.6. Cookies may not be properly set if a web site attempts to set a session cookie by supplying a null value in the “expires” field, rather than omitting the field. This update addresses the issue by ignoring the “expires” field if it has a null value.

Developers often use cookies to verify that you’ve been successfully logged in to a website, and sometimes set empty an expires field values so you can remain logged in for an extended period of time. The problem seemed to occur because Safari was picky about how developers created the cookie. If they used a null value instead of just omitting the field, there’d be trouble.

I can verify that the fix worked on all of the Macs I’d had an issue with, so it may be worth a shot if you’re still experiencing Safari-related cookie issues.

More articles in the Archive →