Open Bug 1721786 Opened 4 years ago Updated 2 years ago

Network Monitor -> open New Tab for File results in a new Session

Categories

(DevTools :: Netmonitor, defect, P3)

Product:
DevTools
Component:
Netmonitor
Version:
Firefox 90
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: simon.agostini, Unassigned)

Details

Attachments

(4 files, 1 obsolete file)

No Request Cookie Set
19.91 KB, image/png
Details
Test page source
613 bytes, text/plain
Details
test2.png
6.41 KB, image/png
Details
test1.png
6.17 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36

Steps to reproduce:

Open Developer Tools via F12.
Load a page and check the files under Networkmonitor.
Check PHP session cookie of a file.
Right click that file and select open in new tab.
Check Session of newly opened tab (via F12)

Actual results:

Newly opened tab (Tab 2 ) got a new Session ID and invalidates session from Tab 1

Expected results:

Session shall be kept the same as in Tab 1, so no new Session shall be generated.

Setting a component for this issue in order to get the dev team involved.
If you feel it's an incorrect one please feel free to change it to a more appropriate one.

Component: Untriaged → Netmonitor
Product: Firefox → DevTools

I don't have access to a PHP website on which I could log at the moment, but I checked on bugzilla (the cookie is named Bugzilla_logincookie), and opening a document in a new tab from the netmonitor still keep the cookie value.
Could you point us to a specific page/url where we can reproduce your issue? Thanks

Flags: needinfo?(simon.agostini)
Attached image No Request Cookie Set

Sorry I cannot share the URL since it is a internal project.
But I found out that if I open a new tab from the Dev Tools in is missing the Request cookie and it overrides the already available cookie with the new Session id and therefore it looses it s context.

This only happens in Firefox Developer, not seen on other Browsers like Chrome etc.

Flags: needinfo?(simon.agostini)
Flags: needinfo?(odvarko)
Attached file Test page source

I tried to reproduce this issue, but no luck

Here is what I tried:

  1. Load http://janodvarko.cz/tests/bugzilla/1721786/
    This page is implemented in PHP and prints out value of "Bug1721786Cookie" request cookie
    The cookie is created in the page as well so, the first load should show an empty value
    (the source of the page is attached)
  2. Open DevTools, select the Network panel and reload the page
  3. Inspect request cookies, you should see "Bug1721786Cookie"
  4. Right click on the "tests/bugzilla/1721786/" reuqest and pick "Open in New Tab"
  5. You can see that the new tab also shows - Request cookie "Bug1721786Cookie" has value: "a value"
    DevTools are not automatically opened for the new tab so, that's why the page prints the request cookie by itself.

Not sure if this are the right steps to reproduce the reported issue. But, does this work for you?
Should I try different steps? If yes, what exactly?

Thank you!

Honza

Flags: needinfo?(odvarko) → needinfo?(simon.agostini)

Hello,
I can see the cookie as you describe it.

But in your example Page I cannot see the PHPSESSID cookie which I have.
Can you enable PHP as session cookie based version?
Also the samesite attributes etc. are missing for me.

Maybe there is a issue? Just wondering why it worked flawless with older Firefox Versions.

Flags: needinfo?(simon.agostini)
Flags: needinfo?(odvarko)

I extended the test case with PHPSESSIONID cookie. When following my steps from comment #4 I can see it in another tab too.
Can you please try it on your machine, thank you!

Flags: needinfo?(odvarko) → needinfo?(simon.agostini)
Attached image test2.png

Hi,

I have tested you example again with same result cookie stays the same but I saw your webserver does not respond as mine.
Yours does not set a cookie as Response (as I can see).

Flags: needinfo?(simon.agostini)
Attached image test1.png

this is how my responses look like

Can you please share your test case, so we can try it and reproduce the bug on our machines?

Flags: needinfo?(simon.agostini)

I cannot share my embedded system.

But we use lighttpd 1.4.59 as webserver running with PHP 7.3.26 with HTTPS

Cookie related settings in the php.ini are:
"
session.name = PHPSESSID
session.use_cookies = 1
session.cookie_secure = 1
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 1
session.cookie_samesite="Strict"
session.serialize_handler = php
"

Flags: needinfo?(simon.agostini)

Unreproducible so far, we can update the priority and severity once we have other STRs.

Severity: -- → S3
Priority: -- → P3

There is a phpMyAdmin issue that looks like it is related to this bug.

https://github.com/phpmyadmin/phpmyadmin/issues/16813

Attachment #9387594 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: