Bug 113331: can't log into AGEdwards
Status: VERIFIED FIXED (opened 24 years ago, closed 23 years ago)
Categories: Core :: Networking: Cookies, defect
Target Milestone: mozilla0.9.8
People: Reporter: rginda, Assigned: morse
Attachments: 1 file (patch, 1.36 KB); samir_bugzilla: review+, alecf: superreview+
I can't log into my AGEdwards account with 0.9.6, but I can with 0.9.5.
The script at <http://www.agedwards.com/BCJVerification.js> doesn't seem to be
able to set a cookie named "BCJ_COOKIE", which it uses to figure out if the
client supports cookies.
You don't need an account to see the problem, just go to
<https://www.agedwards.com/ageconnect/ageclogin>. In 0.9.5 I am presented with
username and password fields, in 0.9.6 I get redirected to
<https://www.agedwards.com/bcj/CookieNotSetErr.html>.
To watch it f(l)ail, start the JavaScript Debugger (*before* loading the
acelogin), type "fbreak BCJVerification.js 3", and load the acelogin url.
You'll be able to single step through the JS and watch the cookie not get set.
This happens on NT *and* Linux, running 0.9.6.
Comment 1 (Reporter) • 24 years ago
this may be related to bug 110501.
Updated (Assignee) • 24 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.8
Comment 3 (Assignee) • 23 years ago
Reason this is failing is that server is sending back a max-age=-1 on the
cookie. That's not valid. Here's what rfc2109 has to say about that:
    Max-Age=delta-seconds
        Optional. The Max-Age attribute defines the lifetime of the cookie,
        in seconds. The delta-seconds value is a decimal non-negative integer.
        After delta-seconds seconds elapse, the client should discard the cookie.
        A value of zero means the cookie should be discarded immediately.
What's happening is that mozilla is treating the max-age of -1 as a request that
the cookie be expired one second ago. In other words, it expires the cookie
immediately.
Reason this website worked in 0.9.5 is because only recently did mozilla
start to recognize the max-age attribute. And Netscape 4 never recognized this
attribute which is why this site works on N4. I don't know what IE does with a
negative max-age, so I can't answer as to why the site is working with IE.
OK, the site is sending back an invalid cookie (negative max-age) so we can't be
faulted for rejecting it. But since this site works with IE and with nav4, we
need to do something intelligent so as to allow this site to function correctly.
The obvious thing is to completely ignore the max-age attribute if it has a
negative value. Since there is no other expires information, this cookie will
expire at the end of the session which is probably what the site intended.
Will create a patch to ignore negative max-age attributes.
Comment 4 (Assignee) • 23 years ago
Comment 5 (Assignee) • 23 years ago
cc'ing alecf and sgehani for reviews
Comment 6 • 23 years ago
Comment on attachment 62961: ignore negative max-age on set-cookie requests
oh that's nasty. Maybe we can get Netscape evangelism to get them to fix their
site? it seems like maybe their server is just broken? I guess I'm not hugely
excited about working around this...
sr=alecf in the meantime though.
Attachment #62961 -
Flags: superreview+
Comment 7 (Assignee) • 23 years ago
It's not just this one site. Tomorrow we'll get bug reports about other sites
that work on IE and nav4 but fail on mozilla. We can't win the game on
evangelism alone -- we instead have to be compatible with what the other popular
browsers do. So this is not just an "in the meantime" fix.
Comment 8 • 23 years ago
Comment on attachment 62961: ignore negative max-age on set-cookie requests
r=sgehani
I agree that we should ignore invalid values sent by the server. This is a
robust solution erring on the side of making things work. In the event that
the max-age value is not a number atoi() will return 0.
Attachment #62961 -
Flags: review+
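The max-age handling discussed in comments 3 and 8, as an added example (not the attached patch and not Mozilla's code): it contrasts expiring a cookie with a negative max-age against ignoring the attribute, and shows the atoi() case where non-numeric text becomes 0. The names classify_cookie, find_max_age and cookie_fate are hypothetical, the sample header is constructed, and only Max-Age is modelled.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

typedef enum { COOKIE_SESSION, COOKIE_PERSISTENT, COOKIE_DISCARD } cookie_fate;

/* Case-insensitive prefix test; prefix must be lowercase. */
static int starts_with_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != *prefix) return 0;
    return 1;
}

/* Return the text after "max-age=" among the ';'-separated attributes, or NULL. */
static const char *find_max_age(const char *set_cookie)
{
    const char *p = strchr(set_cookie, ';');
    while (p) {
        for (p++; isspace((unsigned char)*p); p++) ;   /* skip ';' and blanks */
        if (starts_with_ci(p, "max-age=")) return p + 8;
        p = strchr(p, ';');
    }
    return NULL;
}

/* ignore_negative=0 models the 0.9.6 behaviour described in comment 3;
 * ignore_negative=1 drops a negative max-age. An expires= attribute is not parsed. */
cookie_fate classify_cookie(const char *set_cookie, time_t now,
                            int ignore_negative, time_t *expires)
{
    const char *v = find_max_age(set_cookie);
    if (!v) return COOKIE_SESSION;           /* no lifetime given */
    int delta = atoi(v);                     /* non-numeric text yields 0 */
    if (delta < 0 && ignore_negative) return COOKIE_SESSION;
    if (delta <= 0) return COOKIE_DISCARD;   /* zero or already in the past */
    *expires = now + delta;
    return COOKIE_PERSISTENT;
}

int main(void)
{
    const char *hdr = "BCJ_COOKIE=1; path=/; Max-Age=-1"; /* constructed sample */
    time_t t = 0;
    printf("0.9.6: %d, ignoring negative: %d (0=session, 2=discard)\n",
           classify_cookie(hdr, 1000, 0, &t), classify_cookie(hdr, 1000, 1, &t));
    return 0;
}
```

A non-numeric value such as `max-age=abc` is still discarded immediately in both modes, because atoi() cannot distinguish it from an explicit zero.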
Comment 9 (Assignee) • 23 years ago
Patch checked in
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 10 • 23 years ago
verified - negative max-age ignored, presented with AGe-connect Log-In page:
Win NT4 2002010303
Linux rh6 2002010308
Mac osX 2002010308
Status: RESOLVED → VERIFIED