Closed Bug 191572 Opened 23 years ago Closed 23 years ago

Somehow cookies are not sent back to the URL mentioned above to satisfy its request.

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: ishikawa, Assigned: asa)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212 When I tried to follow the top page at Washington Post newspaper page, a dialog pops up for readership survey. I typed in a few answer and hit [GO] button, but the new dialog pops up saying that the site detected my browser is eanbled for cookie. I rechecked my mozilla browser and find that the cookie is enabled. As a matter of fact, when I enabled [warn when cookie is stored] I do get dialog to ask me if I want the existing cookie modified by the same originating site, etc.. So cookie is being processed by mozilla, but may not be returned to Washington post site in a manner that it expects the cookie to be returned. Reproducible: Always Steps to Reproduce: 1. Go to the www.washingtonpost.com 2. Pick the leading article, today, it is Columbia accident. 3. [Now this is the tricky part. The survey doesn't occur every day. Obiviously the survey is enabled from time to time. But when this survey was in place a few months back, the same warning about cookie not being enabled was sent back and I could not follow the link to read in-depth article.] A dialog for readership survey gender/age/location pops up. I filled in the survey and hit [Go] button presumably to read through this survey and reach the desired article, but instead, the site returns a warning about cookie not being enabled. So I can't read Washingtonpost when this survey is in place. Actual Results: As I explain above, the warning about cookie not being enabled appears and I have to read the same survey pop again. After checking and tweaking the cookie setting, the same warning still is displayed and I can't go on to read the desired page. Expected Results: (I should be able to read the in-depth article page...) I am not entirely sure if this is a Mozilla bug or not, but given that many readers access Washingtonpost.com and presumably others don't have problems, there must be something unique to Mozilla version I use which prevents me from proceeding.
Check your cookie preferences -- are you accepting all cookies or originating site only? Are you explicitly blocking cookies from this site?
Dear Boris, Thank you for your comment. Yes, my browser accepts all the cookies (I tweaked it during my own test), and I am not blocking any cookie from this site. It turns out that the problem has to do something with Java script setting. After setting the "ask me before storing cookie", and seeing that mozilla indeed handles the cookie from this site, finally I looked at the survey page and found it was written in JavaScript. So I looked at my JavaScript setting. It is enabled from web browsing. *BUT* I have disabled "allow Java to read cookies" setting for fear of cross site scripting vulnerabilities for some time. Who wants to let a Javascript from one site to read the cookies from other sites even by mistake/bug? Could it be the cause of the problem? Yes, indeed. As I enabled this feature again, I accessed the WashingtonPost.com and this time I could go on to read the in-depth article after answering the short survey without problem. I disabled the "allow Java to read cookies" feature again. So this is not a bug of mozilla at all, but due to the way the Javascript page is written. Should we tell the writers of the survey page (in JavaScript) not to try to read cookie in JavaScript? Given the popularity of cross-site scripting this may be a good thing. On the other hand, I wonder if Mozilla (or whoever ships mozilla) should ship the binary with the default setting of this "read cookies" DISABLED. (After all, someone had the wisdom of introducing this feature into Mozilla.) This would be good security-wise and also force the writers of the web pages to think hard about the wisdom of letting JavaScript read cookies when they begin to hear from Mozilla users about the JavaScript page not working because the script tries to read cookies, etc.. (Of course, some sites simply would say, scrap Mozilla and use something else. So this would be more like evangelism issue now.) Thank you again for your attention.
Don't you mean "read cookies in JavaScript"? I'm not sure that there are any security problems with allowing JavaScript to read cookies. A discussion of that is appropriate elsewhere. Good places to inquire about it about include the newsgroups or Mozillazine.org. Resolving as worksforme as the reporter says it is now working.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Summary: Somehow cookies are not sent back to the URL mentioend above to satisfy its request. → Somehow cookies are not sent back to the URL mentioned above to satisfy its request.
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.