I have an app that people need to log in to, but before they do, cookies are required from the browser (I'm using session vars), then when they log out, I clear/destroy the session, and finally lead them to a logout successful page and drop the history.go(1) on the page before, so you can't go back and review previous secure sessions. Works great as I mentioned for IE, FF, and Chrome. (Haven't tried Opera yet.)
IF, and only if, I "reset" the Safari browser, and test with cookies off, it will behave properly, and acknowledge the site as designed and the user is reminded to "enable" their cookies before logging in. When done enabling, they are to click on a link to retry (retests for cookies) logging in. That actually doesn't work (Safari has already hard cached this page), but "refreshing" the browser does work and it realizes cookies are back on, and the login page shows correctly. I can then log in and run normally, until... I log out. After logging out, as I mentioned above (despite the history.go(1)), they can freely browse back through the entire previous secure session with ease. Not good manners, I say.
To make it worse, if I then go back in, clear the cache, and re-disable cookies in Safari (to retest), I can log in as if cookies are actually enabled. And all my session logic testing at every page that is secure is ignored. I'm able to surf the entire site (new pages included), as if the cookies are on. WTF?
It appears the only thing that you can count on from Safari is a clean new browser session that has been "reset."
Here's a previous thread that had a great idea by randomizing the login URL, which I may try. It still doesn't solve the history back issue though.
Tell me Apple is fixing these bad behaviours. Is anyone else having similar issues? Any workarounds?
Did I mention that I'm running Vista 64-bit? Shame on me, I know, I know.