Closed
Bug 1616612
Opened 5 years ago
Closed 5 years ago
[DynamicFirstPartyIsolation] breaks sign in on airnewzealand.com
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Core
Privacy: Anti-Tracking
Tracking
()
RESOLVED
DUPLICATE
of bug 1616585
People
(Reporter: xeonchen, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(1 obsolete file)
The has almost the same reproducing steps to bug 1459620, but uses dynamic first party isolation rather than first party isolation.
It might also have similar root cause to bug 1616585.
After logged in, it shows "Sign out" and immediately redirect to signed-out state.
It also shows error while creating a new account, however the account is still valid and can be used for log-in on another profile.
Updated•5 years ago
|
Priority: -- → P3
Reporter | ||
Comment 1•5 years ago
|
||
Reporter | ||
Comment 2•5 years ago
|
||
The WIP patch makes the first log-in process success, but if user restarts the browser or manually logged out, if will no longer be able to log in.
Successful log-in process is:
- click login, it will redirect to login page (https://auth.airnewzealand.co.nz/).
- submit credential and it will write 2 session cookies
JSESSIONID
andVAH-LB
toauth.airnewzealand.co.nz
, then redirect back to homepage (https://www.airnewzealand.com/) - at home page it checks log-in state by sending request to login page, the cookies will be copied because it passes all criteria.
Failure case:
- connect to homepage,
JSESSIONID
andVAH-LB
will be created with first-party domain JSESSIONID
andVAH-LB
will never be updated again.
Updated•5 years ago
|
Attachment #9134454 -
Attachment is obsolete: true
Reporter | ||
Updated•5 years ago
|
Reporter | ||
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•