Closed Bug 138560 Opened 23 years ago Closed 23 years ago

Dynamic Stylesheets cause loss of cookies (accept cookies from the originating web site only)

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.0

People

(Reporter: meyer_michael, Assigned: morse)

References

Details

This JSP page causes TomCat to create a new session on each request. ---------------snip-------- <html> <title><head> Dynamic Stylesheet Problem </title> <link rel="STYLESHEET" href="/mycontext/testpage.jsp" type="text/css"> </head><body> [SERVLET] [SESSIONID] <%=session.getId() %> <br> </body></html> --------------snip---------- This does only happen with server generated stylesheets within the same context as the jsp page. We haven't any problems encountered with images, ... This also only happens in mozilla 1.0rc1, and only with the configuration of cookies accept from servers of "the originating web site".
Blocks: 138483
Depends on: 134625
Target Milestone: --- → mozilla1.0
*** This bug has been confirmed by popular vote. ***
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: mozilla1.0 → ---
May be The Samebug: If one chooses "cookies accept from servers of the originating web site" The Browser gets problems with Stylesheets that are imported in the HTML-Head in this way: "<link rel="stylesheet" type="text/css" href="/zabrg/zeitabrechnung.nsf/CSS?OpenPage">" In 0.9.9 this is working fine, but since RC1 the Stylesheets are not loaded :( Also JavaScript, load in the HTML-Head causes this Problem... "<link rel="stylesheet" type="text/css" href="/zabrg/zeitabrechnung.nsf/CSS?OpenPage"> <script language="JavaScript" type="text/javascript" src="/zabrg/zeitabrechnung.nsf/JavaScript?OpenPage">"
This bug is pretty serious and not getting a whole lot of attention. On sites where access is controlled by cookies, this bug means you cannot use a relative URI to load a style sheet or JS file, which can often make the site unusable. I happen to have such a site, and this bug is crazy. Nominating for 1.0
Keywords: mozilla1.0
OS: Windows NT → All
Hardware: PC → All
*** Bug 143617 has been marked as a duplicate of this bug. ***
This bug also causes problems with Everything 2 (http://everything2.com/) for logged in users who use the 'ekw' theme.
Although the symptoms are different, the patch just posted to bug 137079 will probably fix this bug as well. Can someone who can reproduce this bug please apply that patch and see if it takes care of this problem.
Status: NEW → ASSIGNED
Keywords: nsbeta1
Target Milestone: --- → mozilla1.0
Nav triage team needs info: Does this happen on any top sites?
Whiteboard: [need info]
The impact of this one instance is small. But see the discussion in bug 137079. Although the symptoms there are different, the fix for that bug will fix many other bugs as well, this probably being one of them.
Yes, it does affect top sites (at least German top sites...) Here the ones I remember: http://my.advance.de (Advance Bank, major German Internet bank) http://www.waslos.de (popular Internet community) Those sites are unusable, unless you choose to "enable all cookies". Since 1.0 is targeted to end users this workarround might not be obvious to everybody. It still happens with rc2, btw.
Depends on: 137079
No longer depends on: 134625
Keywords: mozilla1.0, nsbeta1
Being marked fixed since the patch for 137079 is checked in on trunk. However it is not yet fixed on the branch.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Keywords: fixed1.0.0
verified branch and trunk
Status: RESOLVED → VERIFIED
Keywords: verified1.0.0
keyword correction: fixed and verified are mutually exclusive.
Keywords: fixed1.0.0
Whiteboard: [need info]
You need to log in before you can comment on or make changes to this bug.