Closed Bug 140668 Opened 22 years ago Closed 22 years ago

Login and password not working properly, once logged in.

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
FreeBSD
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.0

People

(Reporter: jrh, Assigned: morse)

References

(
URL
)

Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc1) Gecko/20020425
BuildID:    0000000000

On the American Airlines website, you can login using your frequent flier
account number and password in order to book reservations, view miles, etc. When
you login, you input both the id and a password so that you can then visit other
sections of the website, during this session, without being prompted again. With
Mozilla 1.0rc1, once you're given this login screen, you are seemingly able to
login, but any attempts to visit 'restricted' sections of the website are met
with the same login screen.

Using Netscape 4.76 on Linux and IE 5 on Windows, you get the expected result of
not being prompted with this screen.


Reproducible: Always
Steps to Reproduce:
1. Go to http://www.aa.com/ and press the login button on the top of the screen.
2. Login with your AAdvantage number and password.
3. Attempt to then use the "Reservations" -> "View Reservations" sidebar menu to
look at things currently booked.

Actual Results:  I'm prompted for the same login screen as I saw when I first
hit the login button.


Expected Results:  I would have expected it to do the authorization properly so
I could continue on without needing to login to each and every page.


This may be difficult to reproduce without an account/AAdvantage number  with
American. I'm more than happy to help out in any way I can, however.
Josh, what are your cookie settings set to?
Oops, My mistake... they were set for originating site only. All is fine if I
just accept all cookies.

Josh, are the hostnames involved actually different? Or are they all www.aa.com?
It's not obvious to me that there's any changing of hostnames from aa.com.
Certainly the URL never changes in an obvious way to the user... There may be
some redirection behind the scenes that I'm not aware of. Another interesting
'feature' is that when I only accept cookies from the originating site and
attempt to enter a restricted section, without having gone through the 'login'
button process, I'm prompted by said login screen, can enter my
username/password and it works for that one page, but any attempts to visit
further pages result in the issue I described: another login screen.
This is probably why I didn't think to check my cookies the first time through.

Sounds like something's weird in cookie-land here...  :)
Assignee: sgehani → morse
Status: UNCONFIRMED → NEW
Component: XP Apps → Cookies
Ever confirmed: true
QA Contact: paw → tever
I'd tend to agree. There's a strong possibility they have something going on
where I'm getting a cookie from something other than aa.com. I'd be more than
happy to wipe out cookies and see what I get if you think it'd help.

Although the symptoms are different, the patch just posted to bug 137079 will 
probably fix this bug as well.  Can someone who can reproduce this bug please 
apply that patch and see if it takes care of this problem.
Status: NEW → ASSIGNED
Keywords: mozilla1.0, nsbeta1
Target Milestone: --- → mozilla1.0
I applied this patch to source I checked out last night. It does
indeed seem to fix my issue.
My vote is "Ship It."
Depends on: 137079
Keywords: mozilla1.0, nsbeta1
Being marked fixed since the patch for 137079 is checked in on trunk.  However 
it is not yet fixed on the branch.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Keywords: fixed1.0.0
verified branch and trunk
Status: RESOLVED → VERIFIED
Keywords: verified1.0.0
You need to log in before you can comment on or make changes to this bug.