Bug #788
closedOld.protonmail.com domain keeps kicking me out
0%
Description
When visiting old.protonmail.com domain. Adding domain settings Enabling Javascript, cookies, disabling all blacklists. I am able to login. If I open another tab and go into domain settings for the new tab then exit out of settings, the old.protonmail.com tab (which is not in focus) displays an error dialog that "cookies need to be enabled for the site to work" even though there is already a domain entry allowing cookies, Javascript and removing any block lists from interfering with this domains function. Not sure why going into settings for a different tab/domain is causing the old.protonmail.com tab to reload and why it kicks me out of the non focused site for not having cookies enabled even though there is a domain entry for that domain.
Files
Updated by Soren Stoutner over 2 years ago
- File Cookies - App Level Setting.png Cookies - App Level Setting.png added
- Status changed from New to Closed
- Assignee set to Soren Stoutner
Rich, you have discovered one of the annoying limitations of Android's WebView, which is that cookies are an app level setting, not an individual WebView (tab) level setting. This is explained a bit in the Settings screen (see attached screenshot), but it would probably make sense to add some text to Guide -> Local Storage explaining it further. See https://redmine.stoutner.com/issues/789.
This means that, when you are on a tab that has cookies enabled it enables cookies for all the tabs, and when you are on a tab that has cookies disabled it disables cookies for all the tabs.
Normally this isn't a problem, unless a background tab attempts to communicate with the server.
The way Settings and Domain Settings interact with the tabs is complex. And when editing Domain Settings it gets even more complex (imagine editing the domain of a Domain Settings to add or remove a wildcard, or to be a different subdomain). Hence, every time the user exits Settings or Domain Settings every tab is reloaded (refreshed) using the combined settings and Domain Settings as calculated for each tab from the current information. However, if some tabs have cookies enabled and other tabs have cookies disabled, then the last cookie setting that is applied will be applied to the entire app. Because a refreshed is then forced, tabs that require cookies when communicating with the server will fail if another tab has disabled cookies for the entire app.
This limitation in Android's WebView will be removed in the 4.x series with the release of Privacy WebView. See https://redmine.stoutner.com/issues/409.