@#$%#$% Apple (in General)

AdminJonathan January 19 2008 2:00 AM EST

Fresh off battling to get IE to recognize CB cookies I test Safari (on Windows) and it's eating our cookies too.

Please just follow the RFC guys.

Nothing useful to say here, just venting.

Relic January 19 2008 10:08 AM EST

I wrote a site tracking system for my company similar to Google Analytics, we originally dropped cookies on a domain that we owned. In order to minimize the cookie blocking of our third-party cookie we implemented a very strict and complete p3p policy and this dropped our block rate from roughly 25% to 10%, but that was still too high for our purposes.

So, we decided to implement javascript cookie handling (which drops first party cookies only). The javascript cookie DOM is quite limited but we were able to get it to do what we needed.

I am pretty sure that if you got a good p3p policy in place, that would help you with the dropping cookies from a frame or frameset issue.

Ultimately, it would be ideal for you to drop a cookie from the first party domain, but if that is not possible, I would suggest putting in place a rock solid p3p policy.

We used the site below to help us create our policy and to have them check it and verify we had implemented it correctly.


Brakke Bres [Ow man] January 19 2008 10:28 AM EST

is that the problem I got a few days back? Getting thrown back over and over using the IP address?

QBsutekh137 January 19 2008 11:11 AM EST

Fined Jonathan $3.17 CBD for using expletive characters.

Not really. Yeah, Apple seems to suck quite a lot when it comes to things like that...certainly not any better than Microsoft!

Thraklight Resonance January 19 2008 11:27 AM EST

Fined sutekh $3.17 CB for imitating a real admin.
Fined myself $3.17 CB for imitating a real admin.
Applied head slap to self for imitating a real admin again.
Awaits Brent's ruling on this post.

AdminJonathan January 19 2008 12:03 PM EST

Glory: I wasn't clear. Safari is not frustrating b/c it's pulling more of the p3p crap IE was. It's frustrating because *it doesn't even work direct to CB.*

Relic January 19 2008 12:38 PM EST

Ok, I gotcha now. Safari is a pathetic browser at best. I feel your pain. The saddest thing about Safari is that Safari on Windows is not even close to Safari on Mac, sites or pages or functionality that work in one, do not always work in the other. It reminds me of the old IE5 on a Mac *shiver*.

AdminNightStrike January 19 2008 12:41 PM EST

Curious.. does it work in Konqueror?

[P]Mitt January 19 2008 2:02 PM EST

I dunno, safari on my iTouch seems to work... Well at least I can fight/forge on it, but it's slow, considering I have to hit "fight" and then hit the scroll down list, choose the next target, then hit fight again. Rinse and repeat

Eurynome Bartleby [Bartleby's] January 19 2008 2:04 PM EST

Konqueror seemed to work fine when I tried it 1-2 months ago.

Don't know if the various layout changes could have affected it, though.

bartjan January 19 2008 2:24 PM EST

Konqueror has not worked and still doesn't work for CB. Not having a functional 'fight' button makes it very hard to qualify CB on Konqueror as 'working'. Another thing that doesn't work is the 'find a user' popup (which is now hidden under 'Community' instead of the sidebar). This makes it very difficult for me to consider Konqueror as a secondary browser for admin work.

Jonathan, can you please stop forcing CB to be accessed as 'www.carnageblender.com' only? This makes it impossible for me to be logged into CB twice (for example when using 'Become this user' in 1 session).

Jamba in da Juice January 19 2008 2:44 PM EST

i say apple sucks overall

AdminJonathan January 19 2008 3:22 PM EST

bartjan: sorry, the more I get into the cookie problems some people have been having the more I'm inclined to force people to www.cb.com.

The problem is that if a browser gets one cookie from www.carnageblender.com, and another from carnageblender.com, it will send *both* back when accessing www.carnageblender.com. If they are from two different users (either b/c the machine is public or b/c someone was testing the fb stuff) then neither one will be able to log in.

I suggest using a separate browser for "become this user" admin tasks. Opera and FF both work fine, for instance.

bartjan January 19 2008 4:07 PM EST

Fortunately I just found out that Iceape apparently works for CB (I'm out of BA, so didn't test fighting...).

Can't you give the cookie a different name depending on the referrer value?

AdminJonathan January 19 2008 4:12 PM EST

The cookie handling code is old and fragile. I want to mess with it as little as possible.

bartjan January 19 2008 4:43 PM EST

Reminds me of the large number of 'legacy' servers we have at work. Customers just don't seem to care to upgrade, despite the fact that IBM (I work on AIX servers at a large bank) no longer supports them and for us it's also just "best effort".
My suggestion was to have them all crash on February 29th and blame it on the leap year ;)

AdminNightStrike January 22 2008 3:39 AM EST

bart - I still have to do development on VAX at times................. AIX would be a welcome "upgrade"

QBsutekh137 January 22 2008 9:42 AM EST

Bart, can you hold out until 2038? Will the "unix bug" affect them?

The VAX! My first "real" programming platform in college! Show Users /ALL!

AdminJonathan January 25 2008 4:16 PM EST

seems that the problem was CB setting cookie domain to "carnageblender.com". Setting it to ".carnageblender.com" (with the extra dot in front) makes Safari happy.

Hopefully this won't make many people have to clear out their cookies *again.* :)
This thread is closed to new posts. However, you are welcome to reference it from a new thread; link this with the html <a href="/bboard/q-and-a-fetch-msg.tcl?msg_id=002KQb">@#$%#$% Apple</a>