Closed Bug 388969 Opened 17 years ago Closed 17 years ago

sets cookie that exceptions shows to be blocked

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Version:
1.8 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: barking_barnacles, Unassigned)

References

(
URL
)

Details

(Keywords: privacy, qawanted, regression)

Attachments

(3 files)

Exceptions
53.82 KB, image/jpeg
Details
Cookies
66.75 KB, image/tiff
Details
marcia's hostperm file
204 bytes, text/plain
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

Did new .5 upgrade. Browser now sets cookies that are in exceptions as blocked. Multiple sites but dilbert.com illustrates it fairly safely. 

Reproducible: Always

Steps to Reproduce:
1.install .5 upgrade
2.go to dilbert.com
3.check cookies, find blocked cookies from dilbert.com and oascentral.dilbert.com
Actual Results:  
get unwanted cookies

Expected Results:  
not get unwanted cookies

may be security problem in regards to unwanted cookies, adware, apyware, ect
Not a security issue per-se, but possibly a privacy issue. Do you have any addons that could be causing this problem? Can you reproduce the problem in safe-mode (http://kb.mozillazine.org/Safe_mode)?
Group: security
Keywords: privacy, qawanted, regression
Tried it in safe mode, still happens.
Fwiw, this is worksforme, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Couldn't reproduce on Linux with Bonecho from today.
Reporter, would you be willing to attach your hostperm.1 file to the bug, which is stored in your profile directory?
It can be typically found in:
C:\Documents and Settings\mw\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.Default User5
where xxxxxxxx is a random name.
That file might give some clue about what is going on here.
also works for me with the 2.0.0.5 Release Build on Linux - also with the
dilbert steps to reproduce
#5: Here are parts relating to Dilbert site:
host	cookie	2	dilbert.com
host	cookie	8	oascentral.dilbert.com
host	cookie	2	dilbert.com
host	cookie	8	oascentral.dilbert.com

All the rest are equally unremarkable. Not trying to be evasive but publishing whole record is = to my web browsing history. Found nothing unusual in file.
Ok, thanks. Indeed, you should not post something you feel not comfortable with.
Here are some quick results from Mac. I went back to 2.0.0.4 because I wanted to set some exceptions and then make the jump to 2.0.0.5 to see what happens. I installed a fresh version of 2004 with a clean profile and then set give sites to block cookies. I then immediately visited all five sites. I grabbed some quick screenshots to show what happens. In my case the sites I listed in exceptions were not blocking cookies. Screenshots coming.
Attached image Exceptions 
Exceptions were set before visiting the sites.
Attached image Cookies 
Here is my list of cookies after visiting the sites.
Attached file marcia's hostperm file 
my hostperm file.
If you're only blocking cookies from "www.dilbert.com", I would expect "dilbert.com" to be able to set cookies... On the other hand, if you're blocking cookies from "dilbert.com" (note the lack of "www") I would NOT expect dilbert.com or any subdomains thereof to be able to set cookies.
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Version: unspecified → 1.8 Branch
retested with dilbert.com (cleared all my cookies out first and removed the entry for www.dilbert.com). Cookies from dilbert.com were blocked, but cookies from several ad sites related to dilbert.com do show up in Cookie Manager.
ric, can you please try the following:

1) go into cookie manager and clear any cookies relating to dilbert.com
2) make sure your exceptions are in place
3) enable cookie logging from the command line (instructions on how to do this can be found at http://www.mozilla.org/projects/netlib/cookies/cookie-log.html)
3) start the browser per instructions in that link, visit dilbert.com, close down the browser
4) attach the resulting cookie log to this bug.

this way, we can see exactly which cookie hosts are getting through.

i'd also note that based on comment 7, you're not blocking cookies from oascentral.dilbert.com - just restricting them to the current session, so you may indeed find cookies from that host. in fact, that host may also set domain cookies for .dilbert.com, which is what you could be seeing in cookie manager. (we handle exceptions based on the host that's trying to set the cookie, not on the domain it's trying to set it for - perhaps you're seeing bug 317229?)

i'm going to close this out as WFM, please reopen if you can provide the info described above, and with your exceptions list suitably amended.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: