Closed Bug 18331 Opened 20 years ago Closed 20 years ago

Random login failures at etrade

Categories

(Core :: Networking, defect, P3)

x86
Linux
defect

Tracking

()

VERIFIED DUPLICATE of bug 1582

People

(Reporter: jevering, Assigned: jud)

References

()

Details

1) go to www.etrade.com
2) login to account
3) if login is successfull, exit browser
4) reload browser and repeat login

You will get a "You are tring to logon with a page from the browser's cache"
error from etrade... and you cannot login.
Status: NEW → ASSIGNED
Target Milestone: M12
Need reporter's login and password! :) ok ok ... investigating...
Moving Assignee from gagan to warren since he is away.
*** Bug 20668 has been marked as a duplicate of this bug. ***
Assignee: warren → valeski
This bug is very sporadic, I cannot create a set of reproducible steps, I wonder
if somehow e*trade maintains a session or a record of your login after you have
shutdown causing the seemingly randomness.

A few times I was able to make it fail by creating a new profile and then
attempting to login, then after a restart things were okay, which was possibly
due to an empty cookies file? But then I create a new profile and logged in
first time, so I basically have no clue.

Assigning to jud, he wanted this bug. added warren to cc: in case he is still
interested
Status: NEW → ASSIGNED
I've been debugging this for hours... No luck. We're sending the same HTTP
headers for successful logins as we are for unsuccessful. I think this is
boiling down to some kind of form posting bug. Etrade sticks a hidden session_id
field in the form for posting, they also set a session id cookie. I think
they're using the two in combination to "determine" whether you're trying to
login from a cached page (which would be bad from their perspective). Both id's
are cryptic, but probably maintain some time interval, date, true tracking ID
and other cruft. BUUUTTT, this doesn't seem to make sense considering a login
can fail given a fresh profile (i.e. no knowledge on the lcient's part about
cookies to set, or form fields). hmmm
no we're getting somewhere. when accessing the href of hte Log On image on the
front page (www.etrade.com) with 4.x, I get login failures, everytime. The url
is: https://trading.etrade.com/cgi-bin/gx.cgi/AppLogic+Loginpage
I'm getting the same behavior just noted in 5.0.

Note: etrade does *not* require cookies to operate. Under 4.x I can navigate
etrade w/ out incident with cookies disabled.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Got it! Etrade is playing *every* trick in the book in order to ensure you can
login, regardless of whether or not you have cookies enabled. They use a
combination of hidden form elements and cookies to set session ids. All this
seems to be on the up-and-up. I hard coded a referer: header to the etrade url
that shows up in the url bar after loading www.etrade.com (just to feed it
something it would recognize) and guess what... Mikey likes it.

*** This bug has been marked as a duplicate of 1582 ***
Blocks: 21564
Bulk move of all Necko (to be deleted component) bugs to new Networking

component.
Status: RESOLVED → VERIFIED
[bugday] interesting investigation. verified duplicity.
No longer blocks: 21564
You need to log in before you can comment on or make changes to this bug.