Closed Bug 389055 Opened 17 years ago Closed 17 years ago

Improper handling of cookie exceptions that have exceptions

Categories

(Core :: Networking: Cookies, defect)

x86
Windows ME
defect
Not set
normal

RESOLVED DUPLICATE of bug 317229

People

(Reporter: thebugreporter, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

This is a bug I've been wanting to report for a long time, but I only now found a decent site with which to illustrate it properly.  Sorry about the length of this, but it's necessary to fully understand where the bug is.

Diagnostic Sequence I
---------------------
Steps to Perform:
1. Create a new profile with no extensions (except DOM Inspector).
2. Run Firefox using this new profile.
3. Go to <http://www.bigfishgames.com/online-games/index.html>.

Observed Behavior:
a. The page sent from the site requests an eMail address.

Steps (continued):
4. Enter a valid-looking eMail address and click "Submit".

Behavior (continued):
b. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, cookies for ".bigfishgames.com" named "cookie_ol_passthru" (which expires five years from now), and "OAX" (which expires 2020/12/31).
c. The page sent from the site lists available games.

Steps (continued):
5. Delete all cookies except the one for ".bigfishgames.com" named "cookie_ol_passthru".
6. Restart Firefox using the same profile.

Behavior (continued):
d. Tools | Options | Privacy | Cookies | Show Cookies shows that the undeleted cookie was retained.

Steps (continued):
7. Go to <http://www.bigfishgames.com/online-games/index.html>.

Behavior (continued):
e. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, a cookie for ".bigfishgames.com" named "cookie_ol_passthru" (which expires five years from now), and "OAX" (which expires 2020/12/31).
f. The page sent from the site lists available games; the request for an eMail address is bypassed.

Diagnostic Sequence II
----------------------
Steps to Perform:
1. Create a new profile with no extensions (except DOM Inspector).
2. Run Firefox using this new profile, AND set Tools | Options | Privacy | Cookies | Keep until: to "I close Firefox".
3. Go to <http://www.bigfishgames.com/online-games/index.html>.

Observed Behavior:
a. The page sent from the site requests an eMail address.

Steps (continued):
4. Enter a valid-looking eMail address and click "Submit".

Behavior (continued):
b. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, cookies for ".bigfishgames.com" named "cookie_ol_passthru" and "OAX", BUT this time both expire "at end of session".
c. The page sent from the site lists available games.

Steps (continued):
5. Delete all cookies except the one for ".bigfishgames.com" named "cookie_ol_passthru".
6. Restart Firefox using the same profile.

Behavior (continued):
d. Tools | Options | Privacy | Cookies | Show Cookies shows that the undeleted cookie was NOT retained.

Steps (continued):
7. Go to <http://www.bigfishgames.com/online-games/index.html>.

Behavior (continued):
e. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies does NOT list cookies for ".bigfishgames.com" named "cookie_ol_passthru" or "OAX".
f. The page sent from the site again requests an eMail address.

Diagnostic Sequence III
-----------------------
Steps to Reproduce BUG:
1. Create a new profile with no extensions (except DOM Inspector).
2. Run Firefox using this new profile, set Tools | Options | Privacy | Cookies | Keep until: to "I close Firefox", AND set the following Exceptions:
-- bigfishgames.com = Allow
-- www.bigfishgames.com = Allow for Session
3. Go to <http://www.bigfishgames.com/online-games/index.html>.

Observed Behavior:
a. The page sent from the site requests an eMail address.

Steps (continued):
4. Enter a valid-looking eMail address and click "Submit".

Behavior (continued):
b. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, cookies for ".bigfishgames.com" named "cookie_ol_passthru" (which expires "at end of session"), and "OAX" (which expires 2020/12/31).
c. The page sent from the site lists available games.

EXPECTED Behavior:
B. Treatment of all cookies for ".bigfishgames.com" should be consistent; all should retain their site-specified expiration dates.

Steps (continued):
5. Delete all cookies except the one for ".bigfishgames.com" named "cookie_ol_passthru".
6. Restart Firefox using the same profile.

Behavior (continued):
d. Tools | Options | Privacy | Cookies | Show Cookies shows that the undeleted cookie was NOT retained.

EXPECTED Behavior:
D. The undeleted cookie should have been retained; it should not have had its date altered to prevent retention, as an exception specifically intended to prevent this was and is present.

Steps (continued):
7. Go to <http://www.bigfishgames.com/online-games/index.html>.

Behavior (continued):
e. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies does NOT list cookies for ".bigfishgames.com" named "cookie_ol_passthru" or "OAX".
f. The page sent from the site again requests an eMail address.

EXPECTED Behavior:
F. The page sent from the site should list available games; the request for an eMail address should have been bypassed.

Reproducible: Always

wow, thorough description. ;)

this has already been filed as bug 317229... in particular see https://bugzilla.mozilla.org/show_bug.cgi?id=317229#c9.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE