Closed Bug 18331 Opened 25 years ago Closed 25 years ago

Random login failures at etrade

Categories

(Core :: Networking, defect, P3)

x86
Linux
defect

Tracking

()

VERIFIED DUPLICATE of bug 1582

People

(Reporter: jevering, Assigned: jud)

References

()

Details

1) go to www.etrade.com 2) login to account 3) if login is successfull, exit browser 4) reload browser and repeat login You will get a "You are tring to logon with a page from the browser's cache" error from etrade... and you cannot login.
Status: NEW → ASSIGNED
Target Milestone: M12
Need reporter's login and password! :) ok ok ... investigating...
Moving Assignee from gagan to warren since he is away.
*** Bug 20668 has been marked as a duplicate of this bug. ***
Assignee: warren → valeski
This bug is very sporadic, I cannot create a set of reproducible steps, I wonder if somehow e*trade maintains a session or a record of your login after you have shutdown causing the seemingly randomness. A few times I was able to make it fail by creating a new profile and then attempting to login, then after a restart things were okay, which was possibly due to an empty cookies file? But then I create a new profile and logged in first time, so I basically have no clue. Assigning to jud, he wanted this bug. added warren to cc: in case he is still interested
Status: NEW → ASSIGNED
I've been debugging this for hours... No luck. We're sending the same HTTP headers for successful logins as we are for unsuccessful. I think this is boiling down to some kind of form posting bug. Etrade sticks a hidden session_id field in the form for posting, they also set a session id cookie. I think they're using the two in combination to "determine" whether you're trying to login from a cached page (which would be bad from their perspective). Both id's are cryptic, but probably maintain some time interval, date, true tracking ID and other cruft. BUUUTTT, this doesn't seem to make sense considering a login can fail given a fresh profile (i.e. no knowledge on the lcient's part about cookies to set, or form fields). hmmm
no we're getting somewhere. when accessing the href of hte Log On image on the front page (www.etrade.com) with 4.x, I get login failures, everytime. The url is: https://trading.etrade.com/cgi-bin/gx.cgi/AppLogic+Loginpage
I'm getting the same behavior just noted in 5.0. Note: etrade does *not* require cookies to operate. Under 4.x I can navigate etrade w/ out incident with cookies disabled.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
Got it! Etrade is playing *every* trick in the book in order to ensure you can login, regardless of whether or not you have cookies enabled. They use a combination of hidden form elements and cookies to set session ids. All this seems to be on the up-and-up. I hard coded a referer: header to the etrade url that shows up in the url bar after loading www.etrade.com (just to feed it something it would recognize) and guess what... Mikey likes it. *** This bug has been marked as a duplicate of 1582 ***
Blocks: 21564
Bulk move of all Necko (to be deleted component) bugs to new Networking component.
Status: RESOLVED → VERIFIED
[bugday] interesting investigation. verified duplicity.
No longer blocks: 21564
You need to log in before you can comment on or make changes to this bug.