Cookies shared across profiles

korrespond

When I log into an account on one profile, it logs me into the account on other profiles. This is contrary to how profiles should work.

To reproduce:

Create a new profile, so that there at least two profiles
On one profile, log into a Google account
Switch to the other profile and observe that you are now logged into the same account.

Logging out on the new profile logs out from the account on the other profile.

Profiles should be kept entirely separate in their site data and cookies. I should be able to be using separate Google accounts on each profile.

0.99.130.1-beta

Sequoia (15)

laiz

korrespond
Are these steps 100% consistent in reproducing the issue? Is either of the profiles a 'Default' profile or could I reproduce this bug on two fresh profiles?

You aren't the first one to report this bug, but finding reliable steps for reproducing the issue has been difficult so far.

korrespond

laiz I apologise, for some undetermined reason, it now seems to be working as intended. But when it wasn't working properly, it was indeed a 'Default' profile and a fresh profile. If the issue reoccurs I'll provide a more detailed analysis.

gp

Is there any more minimal reproduction case here that we can use to test the basic isolations that we expect to see? (Logins are generally held in cookies, for example)

I created a clean Orion RC install, then created a second profile (template being a "Clean Profile"), and then used the two profiles to browse to https://setcookie.net.

I set a cookie in the "new" second profile, and it was not visible when visiting the site from the default (original profile), so there was no "leak" from profile 2 into profile 1.

I then repeated this by setting a cookie in the default profile, and it did not leak into the newly created profile.

Therefore I cannot see any leakage of cookies between profiles, at least in this test.

nocoolnametom

Not sure if it helps, but I think it might have something to do with updates? I've just had it happen to me twice now, and the only thing in common to me seems to be the browser updates.

Make two profiles, [Work] (Default) and [Personal]. Ignore updates for weeks. Profiles are entirely seperate, with [Work] logged into work-based Google Workspaces email acconts and [Personal] logged into personal Gmail account.
Give in and update Orion RC (I don't remember the version numbers) with windows open for both [Work] and [Personal].
Go to re-opened [Personal] window after update finishes and notice that the GApps belong to [Work]. Check [Work] in case somehow they got mixed up, but both windows are now using the same work-based Google Workspaces.
Log out of Google on already-open [Personal] window. Check already-open [Work] window by refreshing to find that [Work] window is also logged out of Google accounts. Log back in on [Work] to work-based GApps and refresh [Personal] to find that it is also logged back into work-based GApps without any additional action taken besides refreshing.
Quit Orion RC entirely and restart, opening new windows for both profiles. Test logging in/out. Login status remains entangled for both profiles.
Create new [Personal2] profile, and install same extensions and get in same UI state as [Personal]. Log into personal Gmail account on [Personal2] and log into work-based GApps on [Work]. Both profile windows are now separate again. Delete [Personal] profile. All is good. (This was all just yesterday for me).
Get notice to update again this morning. Supposing that perhaps updating might be causing the issues I close all windows for [Work] and [Personal2] (quitting [Personal2] entirely), then continue with the update. The only Orion RC window active is the download progress box.
Updating process completes (I am now on version 0.99.132.2-rc (WebKit 621.1.2.111.4)). I open a new [Personal2] window, and go to Gmail, but I find that [Personal2] is now logged into work-based GApps accounts. Logout on [Personal2] window, then open [Work] profile: it is also already logged out.
Go to feedback pages (here) to check if this problem is known and has any resolution. See that it isn't, so I put in everything I can think of from this morning and yesterday to try and help in reproducing the issue for testing.
Post this reply, then I'll begin creating [Personal3], assuming that [Personal3] will not be entangled, while [Personal2] and [Work] will continue to remain entangled, even through a full quit and re-opening.

Edit:

It didn't work, and all new profiles seem to be entangled as well. I made multiple new profiles, both clean and using [Personal2]. The process is the same for all of them:

Create new [Personal*] profile. New window opens for the profile. Verify that Google accounts are not logged in for new profile window by going to google.com. Do nothing else.
Close all windows for profile. Quit new [Personal*] profile via right-clicking on taskbar icon for new profile.
Open new [Personal] profile window by right-clicking on regular Orion taskbar icon. [Personal] window opens. Go to google.com, and the upper-right-hand icon for work-based account is present. Logging in and out on new [Personal*] profile window is entangled with [Work.]