No internet connection
  1. Home
  2. Support

Disabling 3rd party cookies in one's browser breaks blog comments login

By KajMagnus @KajMagnus2019-04-18 09:31:22.089Z2019-04-20 11:26:40.185Z

If you disables 3rd party cookies, then you cannot login to an embedded blog comments discussion. Because then no user id cookie is sent to the Talkyard server, and then the server doesn't know you're logged in. In fact, the server replies null to a get-user-data request, resulting in this error:

TypeError: Cannot read property 'id' of null
    at Object.e.me_toBriefUser (https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:316262)
    at Object.ID_1 (https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:339641)
    at n.$Dispatcher_invokeCallback (https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:264736)
    at n.dispatch (https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:264472)
    at n.e.ReactDispatcher.handleViewAction (https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:265419)
    at n (https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:304647)
    at https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:308343
    at https://c1.ty-cdn.net/-/assets/v0.6.30-WIP-1/slim-bundle.min.js:10:279445

As a temporary workaround, you can go here, in Chrome: chrome://settings/content/cookies?search=cookies and add your Talkyard blog comments site to the Allow list (at the end of the page).

Apparently this also affects iOS and macOS users, with Safari and ITP (Intelligent Tracking Prevention) which can block 3rd party cookies (i.e. the login session cookie, in the embedded comments <iframe>).

Reply
  • 3 replies
  1. KajMagnus @KajMagnus2019-04-18 09:32:57.386Z

    The real solution is probably that Talkyard sends the user id not only in a cookie, but also in a HTTP header or in the request body. Then, all will work fine, also without cookies. (Albeit one will need to login, on each page load.)

    This is b.t.w. already how anonymous guest login works, so maybe won't be too much trouble to do the same thing, also for real user accounts.

    Reply
    1. Progress
      with handling this problem
    2. @KajMagnus marked this topic as Started 2019-04-20 11:25:10.882Z.
    3. KajMagnus @KajMagnus2019-04-30 14:07:00.449Z

      'm currently trying out a fix over at my blog. Reportedly now works with macOS Safari and its cookie blocking ITP (previously, didn't).

      Reply
      1. KajMagnus @KajMagnus2019-05-09 14:28:42.596Z

        Fixed. Closing. Now blog comments work also with 3rd party cookies disabled, and with macOS and iOS ITP.

        And if one's browser blocks cookies, then one stays logged in only until page reload.

        Reply
        1. @KajMagnus marked this topic as Done 2019-05-09 14:28:48.779Z.
        Reply (discussion)Add progress note