Closed
Bug 516370
Opened 15 years ago
Closed 15 years ago
Firefox 3.5 always sets cookies on https Websites as "Encrypted connections only"
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: christophe_waber, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0 When I'm on a https page and the page ssets a normal Cookie "for any type of sessions" see the corresponding "Live http headers" order from the website : "Set-Cookie: language=de; Domain=.post.ch; Max-Age=31449600; Path="/"; Version=1; HttpOnly" Firefox 3.5 sets a secure cookie (Firefox 3.0.7 didn't, it wrote a normal "for any type of session" cookie) Reproducible: Always Steps to Reproduce: 1. clear cash + cookies 2. navigate to a https page who sets a "non secure" cookie (I can't give the example because it needs a password) 3. Actual Results: Look in the cookies : it's "secure" i.e. for "encrypted connections only" (I've had a look on it with the add-on "Live http headers" where I can see that the page sends the request right) Expected Results: The cookie should be written like with Firefox 3.0.7 : "for any type of session" and not only for "Encrypted".
Comment 1•15 years ago
|
||
This "worksforme". 1. clear cookies 2. go to https://addons.mozilla.org/ 3. check cookies -- none of them are "secure" cookies (if you log in to addons.mozilla.org you'll get a secure-only session coookie, but just that one) You obviously don't have a "stock" Firefox, you've got at least some "SwissPost/4.0" thing. Could this be one of your addons trying to be helpful?
Reporter | ||
Comment 2•15 years ago
|
||
You are right, thank you. The problem effectively comes from swisspost 4.0. But it works well on your example. So I think it is an internally Problem
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Version: unspecified → 3.5 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•