Closed Bug 1616612 Opened 2 years ago Closed 2 years ago

[DynamicFirstPartyIsolation] breaks sign in on airnewzealand.com

Categories

(Core :: Privacy: Anti-Tracking, defect, P3)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1616585

People

(Reporter: xeonchen, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 obsolete file)

The has almost the same reproducing steps to bug 1459620, but uses dynamic first party isolation rather than first party isolation.
It might also have similar root cause to bug 1616585.

After logged in, it shows "Sign out" and immediately redirect to signed-out state.

It also shows error while creating a new account, however the account is still valid and can be used for log-in on another profile.

Priority: -- → P3

The WIP patch makes the first log-in process success, but if user restarts the browser or manually logged out, if will no longer be able to log in.

Successful log-in process is:

  1. click login, it will redirect to login page (https://auth.airnewzealand.co.nz/).
  2. submit credential and it will write 2 session cookies JSESSIONID and VAH-LB to auth.airnewzealand.co.nz, then redirect back to homepage (https://www.airnewzealand.com/)
  3. at home page it checks log-in state by sending request to login page, the cookies will be copied because it passes all criteria.

Failure case:

  1. connect to homepage, JSESSIONID and VAH-LB will be created with first-party domain
  2. JSESSIONID and VAH-LB will never be updated again.
Attachment #9134454 - Attachment is obsolete: true
Blocks: DynamicFirstPartyIsolation
No longer blocks: dfpi-breakage
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1616585
You need to log in before you can comment on or make changes to this bug.