Closed Bug 1687370 Opened 5 years ago Closed 11 months ago

Cannot log into celesia-dm.wikidot.com when schemeful sameSite cookie is on

Categories

(Core :: Networking: Cookies, defect, P3)

Product:
Core
Component:
Networking: Cookies
Type:
defect

Tracking

()

Status:
RESOLVED INVALID
Project Flags:
Webcompat Priority P3

People

(Reporter: twisniewski, Unassigned)

References

(Blocks 2 open bugs,
URL
)

Details

(Whiteboard: [necko-triaged])

As reported in https://webcompat.com/issues/65659, one cannot log into celesia-dm.wikidot.com while in a private browsing window or with strict ETP on.

While trying to log in, I see these two requests are blocked, so it may be related to them:

http://stats.g.doubleclick.net/dc.js
http://edge.quantserve.com/quant.js

It turns out that this issue has nothing to do with ETP or TP. I can reproduce this issue with or without ETP.

I have found the root cause of it. This webcompact issue is caused by the cookie sameSite schemeful. Flipping network.cookie.sameSite.schemeful to false will resolve this issue.

No longer blocks: tp-breakage
Component: Privacy: Anti-Tracking → Networking: Cookies
Summary: Cannot log into with Strict mode on → Cannot log into celesia-dm.wikidot.com when schemeful sameSite cookie is on
See Also: → schemeful-samesite

FWIW, I can't reproduce this by enable sameSite schemful on chrome.

Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]
Webcompat Priority: --- → ?
Webcompat Priority: ? → P3

Can you still reproduce this? Did you create an account for this?

Flags: needinfo?(twisniewski)

No, I didn't. But Tim was the one who did the diagnosis here, so I'll redirect to him for more info in case he does still have an account handy.

Flags: needinfo?(twisniewski) → needinfo?(tihuang)

The issue is no longer reproducible for ETP strict mode. But it has a different issue in the private browsing window. The login process won't complete in PBM, but the page will still get logged in after a refresh.

And I have created an account to test it.

Flags: needinfo?(tihuang)

Thanks Tim! Can you just check if disabling network.cookie.sameSite.schemeful fixes the issue? Otherwise it's probably unrelated to schemeful cookies.

(You could also test network.cookie.sameSite.laxByDefault just to be save).

Flags: needinfo?(tihuang)

No, disabling those two prefs won't fix this issue. So, I think it's unrelated to schemeful cookies.

Flags: needinfo?(tihuang)

De-prioritizing to align with schemeful-samesite.

Priority: P2 → P3

I cannot reproduce this issue enabling just network.cookie.sameSite.schemeful.

Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.