Closed
Bug 114709
Opened 23 years ago
Closed 23 years ago
Redirection Limit error.
Categories
(Core :: Networking: Cookies, defect)
Core
Networking: Cookies
Tracking
()
VERIFIED
FIXED
mozilla0.9.8
People
(Reporter: ssaux, Assigned: morse)
References
()
Details
(Whiteboard: checklinux, checkwin)
Attachments
(1 file)
2.04 KB,
patch
|
samir_bugzilla
:
review+
alecf
:
superreview+
|
Details | Diff | Splinter Review |
Build ID: 2001121003 Start moz. go to http://www.nytimes.com click on a story link, you get the redirection limit error dialog. Dismiss the dialog, click on the link again. Page loads.
Comment 1•23 years ago
|
||
networking. Happens on Linux too.
Assignee: asa → darin
Component: Browser-General → Networking: HTTP
OS: Windows 2000 → All
QA Contact: doronr → tever
Hardware: PC → All
Comment 2•23 years ago
|
||
ssaux: can you try adjusting the pref: user_pref("network.http.redirection-limit", 10); from 10 to something larger and see if this problem goes away? perhaps we need to make the default for this something larger... or perhaps this indicates some infinite redirect case on nytimes.com. thx!
FWIW, I cannot reproduce this with a 12-11 nightly. Looking through a packet dump I can't find any loops either. I would say this shows why including the URL in the error message is a good idea.
Reporter | ||
Comment 4•23 years ago
|
||
I tried a few things, but couldn't reproduce. I'll let you know if it occurs again.
Comment 5•23 years ago
|
||
I can reproduce this by visiting https://www.mybroker.co.uk using both 0.9.6 and build 2001121308-trunk on Linux (Red Hat 7.1 + updates). The problem appears to be cookie related and in particular, the "Limit maximum lifetime of cookies" option in the cookies section of the privacy & security preferences. Normally I have this option checked and select "current session". If you log in to the site mentioned with a bogus username & password ('foo' & 'bar' for instance) it overwrites the (initial) session cookies with new values and a new expiry date from 1970, and so they should be junked. With the builds mentioned of Mozilla, the page gets reloaded several times and then if after getting the "redirection limit exceeded" dialog you view the stored cookies, you'll see that they are still there and are scheduled to expire at the end of the current session. It appears therefore they get (wrongly) presented again to the site when the failed logon page is retrieved, but as the site uses the cookies to identify the user and these cookies are bogus, you get immediately redirected again to the failed logon page. This cycle repeats for ever until the redirection limit exceeded message pops up. Fix should be for the cookies to always be junked if they have an expiry date in the past regardless of the settings in cookie preferences.
Assignee | ||
Comment 7•23 years ago
|
||
Chris Underhill, thanks for doing the analysis on this. You are absolutely correct -- the problem is being caused by limiting expired cookies to session cookie, thereby inadvertantly extending rather than limiting their lifetimes. Same problem will occur with p3p when it tries to downgrade a cookie to a session cookie -- therefore it needs to test for expired cookies before doing such downgrading. Attaching patch that fixes problems.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.8
Assignee | ||
Comment 8•23 years ago
|
||
Assignee | ||
Comment 9•23 years ago
|
||
cc'ing alecf and sgehani for reviews.
Comment 10•23 years ago
|
||
Comment on attachment 61887 [details] [diff] [review] test for expired cookie before downgrading to session cookie add some comments to the c++ (the JS ones explaint this well) and sr=alecf
Attachment #61887 -
Flags: superreview+
Comment 11•23 years ago
|
||
An additional thought - some sites use cookies with an expiry date of just a few minutes in the future as a method of forcing (normal!) users to login again if they have been idle for too long. AFAICT, if the preferences are set to convert cookies to all be session cookies, this will no longer work: The "expires in n minutes" will be "downgraded" to expires at end of session, which, as Mozilla is now very reliable, could well be more than n minutes in the future. A better solution imo would be to process/expire such (downgraded) cookies as normal but simply do not write them to the cookie file, so they that they are unknown to subsequent sessions but do expire correctly.
Assignee | ||
Comment 12•23 years ago
|
||
Yes, you are correct in that cookies set to expire in the "very near future" will instead be "upgraded" to live for the entire session. But that's much less serious than the current problem, so I suggest you open a separate bug report on it. Reference this bug number in that report.
Comment 13•23 years ago
|
||
Comment on attachment 61887 [details] [diff] [review] test for expired cookie before downgrading to session cookie r=sgehani
Attachment #61887 -
Flags: review+
Assignee | ||
Comment 14•23 years ago
|
||
Patch checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 15•23 years ago
|
||
*** Bug 116875 has been marked as a duplicate of this bug. ***
Comment 16•23 years ago
|
||
*** Bug 117635 has been marked as a duplicate of this bug. ***
Comment 17•23 years ago
|
||
*** Bug 119580 has been marked as a duplicate of this bug. ***
Comment 18•23 years ago
|
||
The fix in this bug perhaps applied to https://www.mybroker.co.uk, but did not apply to http://www.nytimes.com/ (see bug 119716). Since the three dups above were all for nytimes.com, I'm changing the URL for this bug to point to https://www.mybroker.co.uk, and leaving bug 119716 for the nytimes.com situation.
Comment 19•23 years ago
|
||
*** Bug 122598 has been marked as a duplicate of this bug. ***
Comment 20•22 years ago
|
||
*** Bug 164236 has been marked as a duplicate of this bug. ***
Comment 21•20 years ago
|
||
V/fixed. Mac OS X, Mozilla 1.84a, cookies in the past never appear in cookie manager.
Status: RESOLVED → VERIFIED
Whiteboard: checklinux, checkwin
You need to log in
before you can comment on or make changes to this bug.
Description
•