
Cookies set in a `UI::HtmlDialog` no longer usable in other, simultaneously open SU instances on Windows

Open sasmithjr opened this issue 4 years ago • 8 comments

SketchUp Pro 2021.1.299 Windows 10 Home 20H2 (19042.1237)

Description

On Windows w/ the latest version of SU Pro, it seems that cookies (not sure if it is all or HttpOnly) are not shared between different, simultaneously open instances of SketchUp and the UI::HtmlDialog opened in those models.

If you open one model, create a UI::HtmlDialog that accesses a remote URL that sets a cookie, that cookie is no longer sent w/ requests if you open a second model (while keeping the first one open) and try to access that same domain in another dialog.

I believe this issue is a regression; our use of SU hasn't changed, but this only became an issue after upgrading from 2021.0.X to 2021.1.299. We also never saw this issue in previous year versions of SU, either. I assume the introduction of this change happened with the CEF update.

Additionally, this has not been an issue on macOS with multiple models open regardless of SU version.

Background

I have a webapp that requires authentication to access. I have a SU extension that uses UI::HtmlDialog to access the webapp and allow the webapp to interact w/ content in the local SU model. When a user first opens a dialog to access the webapp, they will be redirected to a login form. I use HttpOnly cookies for authentication.

This issue prevents reusing that auth cookie across multiple open models when developing data in SU; it forces a user to log in again in order to use the webapp in second, third, etc. opened models. And if a user has 2FA set up for their account, it just gives a bit more friction when using multiple models.

Steps to reproduce the issue

```ruby
# Snippet to use in the steps described below
dialog = UI::HtmlDialog.new
dialog.set_url('https://gmail.com')
dialog.show
```

  1. Close all existing instances of SU
  2. Open a model in SU (blank or from an existing SKP)
    • The primary instance of SU has focus
    • The primary instance of SU is the only instance open
  3. In the Ruby console, copy the above snippet and hit Enter
    • A dialog should open; you will likely need to log in. If you do not need to log in, ignore step 3
  4. Log in to Gmail in the dialog
  5. Close the dialog
  6. Paste the above snippet in to the Ruby console
    • Note that you are still logged in to Gmail
  7. Close the primary instance of SU
    • All instances of SU should be closed
  8. Reopen any model in SU
    • The primary instance of SU should come up and have focus
  9. Paste the above snippet in to the Ruby console
    • Note that you are still logged in to Gmail
  10. Open a new SU model
    • The second instance of SU should have focus
    • The primary instance of SU should still be open but it is in the background
  11. Paste the above snippet in to the Ruby console of the second instance of SU
    • Note that you are NOT logged in to Gmail
  12. Give focus to the primary instance of SU
    • The primary instance of SU should have focus
    • The secondary instance of SU should still be open but it is in the background
  13. Close any existing dialogs in the primary instance of SU
  14. Use the above snippet again
    • You should still be logged in to Gmail
  15. Close all instances of SU
    • Both the primary and second instances should be gone
  16. If you open a new instance of SU, you shouldn't have to log back in to gmail if you run the snippet one more time

When originally working with the user who discovered this bug, we tested basically these steps but with my webapp. After we narrowed down the conditions under which this issue was present, we uninstalled their version of SU and installed an older 2021.0.X (I think it was .391?) version. We were not able to use the steps above to reproduce this issue with my webapp in the older 2021.0.X version. We then reinstalled the latest version, and we were then once again able to reproduce the issue.

I'm using gmail above because I did a quick test this morning with my user to make sure the issue was present for gmail, too; we did not test gmail on the older 2021.0.391 (because they didn't have the time to uninstall/reinstall/uninstall/reinstall again), but it seems to be the same behavior as we experienced w/ my webapp.

Expected result

Cookies available to the first instance of SU and UI::HtmlDialog are also set and available in other simultaneously open instances of SU with UI::HtmlDialog. As applied to the reproduction steps above, I'd expect to be signed in to Gmail in both instances of SU.

Thanks for the help!

sasmithjr avatar Sep 17 '21 17:09 sasmithjr

> On Windows w/ the latest version of SU Pro ...

FYI, a new version was just released. (21.1.332) but had no Ruby API changes.

DanRathbun avatar Sep 17 '21 17:09 DanRathbun

Thanks for the heads up! The user was able to update to 332, and they reported to me that the issue still exists.

sasmithjr avatar Sep 17 '21 17:09 sasmithjr

I seem to remember someone else having issues with cookies recently. Cannot find the topic now. (I did look.)


If it's any help the SketchUp web caches are here on Windows:

```ruby
plugins = Sketchup.find_support_file("Plugins")
# Drop the last two segments of the Plugins path and append 'WebCache'
cache_path = File.join(plugins.split('/')[0..-3] << 'WebCache')
```

Windows: "%APPDATA%/SketchUp/SketchUp 2021/WebCache"

Might also work for Mac ... something like: "~/Library/Application Support/SketchUp 2021/WebCache"

DanRathbun avatar Sep 17 '21 19:09 DanRathbun

Do you think perhaps the Chromium v80 changes to SameSite behavior have anything to do with your issues ?

https://www.chromium.org/updates/same-site/faq

https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html

https://www.chromium.org/updates/same-site

?

DanRathbun avatar Sep 17 '21 19:09 DanRathbun

> Do you think perhaps the Chromium v80 changes to SameSite behavior have anything to do with your issues ?

I don't believe so. The auth cookie is set with samesite=lax explicitly, so I'm not sure the changes to Chromium's handling of samesite should be the difference. Also, I'd guess not samesite-related because the repro steps above demonstrate the issue on a single domain.

But I could be wrong! Wouldn't be the first time haha

sasmithjr avatar Sep 17 '21 21:09 sasmithjr

I'm not sure what the cause is, whether it's result of CEF upgrade and related to changes in CEF itself or in SU. Logging it for investigation.

thomthom avatar Sep 24 '21 11:09 thomthom

Logged as: SKEXT-3191

sketchupbot avatar Sep 27 '21 06:09 sketchupbot

Hi sasmithjr,

I tested this on Windows using SketchUp 2025.0, and it worked as expected. I opened Gmail and logged in through the first instance. When I opened a second instance, I was still logged in. It seems to be functioning correctly. Additionally, after closing and relaunching SketchUp, and launching Gmail, I remained logged in.

```ruby
dialog = UI::HtmlDialog.new
dialog.set_url('https://gmail.com')
dialog.show
```

Could you please let us know if this is still an issue for you? Thanks

kalpana-ghodeswar avatar Jun 12 '25 08:06 kalpana-ghodeswar