Closed
Bug 239933
Opened 20 years ago
Closed 20 years ago
[P3P] Accept based on privacy settings appears to be broken
Categories
(Core :: Networking: Cookies, defect)
Core
Networking: Cookies
Tracking
()
RESOLVED
FIXED
People
(Reporter: hjtoi-bugzilla, Assigned: mkaply)
Details
(Keywords: fixed1.7.5, regression)
Attachments
(1 file)
713 bytes,
patch
|
dwitte
:
review+
darin.moz
:
superreview+
mkaply
:
approval-aviary+
mkaply
:
approval1.7.5+
|
Details | Diff | Splinter Review |
Path: secnews.netscape.com!not-for-mail From: "Toli" <bla@bla.bla> Newsgroups: netscape.public.mozilla.browser Subject: Broken cookie-handling in Mozilla 1.7b Date: Wed, 24 Mar 2004 14:59:29 +0100 Organization: Another Netscape Collabra Server User Lines: 48 Message-ID: <c3s487$q0r1@ripley.netscape.com> NNTP-Posting-Host: mal-bounty.malmo.kicore.net X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Xref: secnews.netscape.com netscape.public.mozilla.browser:11587 Hi! I just tried out the Mozilla 1.7beta together with one of our products for web content management, and it does not work with Moz 1.7b. The product uses an Java-applet which makes http-calls back to the webserver, and the problem is that the session-cookies does not seem to get included in these calls. (it has always worked without a flaw in all versions of IE, Netscape, Opera and Mozilla up until now) It DOES work if I set the "Cookie Acceptance Policy" to "Allow cookies for the originating web sites only" or "Allow all cookies", but if I keept it at "Allow cookies based on privacy settings" it never works no matter what privacy settings i use. I tried setting level of privacy to "low" - no go. I also tried "custom" and set EVERYTHING to "Accept" - still no go. From this I draw the conclusion that the "Allow cookies based on privacy settings"-setting is broken in Moz 1.7b for cookies in http-calls from a java-applet... Btw I use Sun's Java-plugin v1.4.2_03. When I check stored cookies in the "Cookie Manager" i Mozilla, I find the session-cookies for our site: Name: SiteshaperId1 Content: 0200221412333303 Host: mal-bounty.malmo.kicore.net Path: / Send for: Any type of connection Expires: at end of session Policy: no policy about storing identifiable information And: Name: JSESSIONID Content: 00DA9E8D459D1B27F28405EBAF28B661 Host: mal-bounty.malmo.kicore.net Path: / Send for: Any type of connection Expires: at end of session Policy: no policy about storing identifiable information ...nothing strange here... Does anyone know anything about this? Where do I post a proper bug-report? ...we'd sure like to see this issue fixed as some of our customers may want to use Mozilla... Regards, Tobias Lind
Comment 1•20 years ago
|
||
This is the place for bug reports :) Please try to create a cookie log as described at http://www.mozilla.org/projects/netlib/cookies/cookie-log.html
Comment 2•20 years ago
|
||
mvl, note the reporter vs. the report :) Heikki, did any reply/link to this bug get posted to the newsgroup? Can someone do that if not already? :)
Reporter | ||
Comment 3•20 years ago
|
||
I posted a follow up to the news with a ref to this bug.
Comment 4•20 years ago
|
||
I noticed the same problem with Mozilla 1.6. The setting "cookies based on privacy settings" doesn't seem to change the behaviour even if I set the radio button to "Custom" and change all values to "Accept".
Comment 5•20 years ago
|
||
if this is really broken, this raises the question of "so now what?" wrt the future of P3P.
Summary: Cookies based on privacy settings don't work in 1.7b → [P3P] Accept based on privacy settings appears to be broken
Comment 6•20 years ago
|
||
If ti is broken in general, that question must be answered. If it is broken for java plugins, that alone doesn't justify removing p3p. I think that in that case we don't pass a right channel or whatever to p3p to get the p3p info from. So it bails out, and denies all cookies.
Comment 7•20 years ago
|
||
I can also verify that this is broken in 1.6.
Comment 8•20 years ago
|
||
what is 'it'? p3p when java applets make network calls? p3p in general?
I have Moz.1.7 configured to go by privacy settings when accepting cookies. It is set to flag cookies from sites with no policy, and accept or sessionize cookies from sites without one. I've just set up a privacy policy on my site. http://www.virginiaquilter.com/ . The P3P Validor says it's all set up properly. It's not linked from any pages, but rather in the http headers. My cookies are still being flagged, and the cookie manager indicates that there is no policy set.
Assignee | ||
Comment 10•20 years ago
|
||
Can someone help me with how to test/debug this?
Comment 11•20 years ago
|
||
a testcase and a cookie log would help. not putting all kinds of p3p problems in this bug would also help. This seems to be about a java applet and cookies not working, not about other sites or flagged cookies.
Assignee | ||
Comment 12•20 years ago
|
||
Confirming. This broke between 1.5a and 1.5b - most likely culprit is blake's checkin for rewriting cookies. Easiest way to test this, is make sure you have no virginiaquilter.com cookies, then set your P3P preferences to reject everything using Custom. Then go to virginiaquilter.com and click on "Enter Fabric Store" If you go to the cookie manager, you'll see you have cookies set when you should have none.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Hardware: PC → All
Comment 13•20 years ago
|
||
blake rewrote cookies?
Assignee | ||
Comment 14•20 years ago
|
||
Blake checked it in :) We think we have more info. It appears that the cookie code is not properly listening to changes in the P3P preferences. Scenario looks like this: New profile Start Mozilla - you MUST load a web page that does cookies right off the bat - NOT about:blank! Go to preferences Set P3P options to reject everything. Go to www.virginiaquilter.com Enter the store. Go to cookie manager - you got cookies when you shouldn't have. If you start with about:blank, you don't see the problem.
Comment 15•20 years ago
|
||
http://lxr.mozilla.org/mozilla/source/extensions/p3p/src/nsP3PService.cpp#73 that is the function that observes pref changes for p3p... you could throw a printf in there, to ensure everything is well after you change the pref. also, see if aHttpChannel at http://lxr.mozilla.org/mozilla/source/extensions/p3p/src/nsP3PService.cpp#141 is nonnull. (you're using trunk - not some crazy 1.5 branch, right?)
Comment 16•20 years ago
|
||
> http://lxr.mozilla.org/mozilla/source/extensions/p3p/src/nsP3PService.cpp#73 though that code is pretty ugly, i'm not spotting any obvious mistakes in it. > (you're using trunk - not some crazy 1.5 branch, right?) right, reproducible cross-platform on the trunk. it seems that the problem only occurs if the P3P preference is changed after the P3P service has already been initialized. so, that seems to suggest that Observe is not getting called properly.
Assignee | ||
Comment 17•20 years ago
|
||
This is pref observer related. The PrefChanged observer function isn't getting called when you change the preferences after the service is started.
Comment 18•20 years ago
|
||
http://lxr.mozilla.org/mozilla/source/extensions/p3p/src/nsP3PService.cpp#61 is that succeeding?
Assignee | ||
Comment 19•20 years ago
|
||
Actually I've got it. Patch coming. The AddObserver is failing because of the weak reference. We should be passing PR_FALSE on AddObserver.
Assignee | ||
Comment 20•20 years ago
|
||
Should be passing PR_FALSE not PR_TRUE to the AddObserver because P3P doesn't support weak references.
Assignee: darin → mkaply
Status: NEW → ASSIGNED
Assignee | ||
Updated•20 years ago
|
Attachment #155193 -
Flags: superreview?(darin)
Attachment #155193 -
Flags: review?(dwitte)
Updated•20 years ago
|
Attachment #155193 -
Flags: superreview?(darin) → superreview+
Updated•20 years ago
|
Attachment #155193 -
Flags: review?(dwitte) → review+
Assignee | ||
Comment 21•20 years ago
|
||
Comment on attachment 155193 [details] [diff] [review] Fix for problem a=me for aviary and 1.73 - regression
Attachment #155193 -
Flags: approval1.7.3+
Attachment #155193 -
Flags: approval-aviary+
Assignee | ||
Comment 22•20 years ago
|
||
fix in everywhere
You need to log in
before you can comment on or make changes to this bug.
Description
•