Open Bug 1926941 Opened 9 days ago Updated 3 days ago

Issues with SSO auth resetting/expiring too soon

Categories

(Core :: Networking: Cookies, defect)

Firefox 131
defect

Tracking

()

People

(Reporter: jabradford, Unassigned)

Details

I and others at my company have noticed an issue with Firefox and SSO authed apps lately. Gitlab and our own hosted Grafana with Google SSO auth, specifically. It seems that the auth session is resetting/expiring far sooner than it should (sometimes just minutes) and resulting in frequent prompts to reauth, requests failing, etc.

It's somewhat intermittent and inconsistent, as well. Some of us will see the issue while others don't, sometime several of us do. We've tried disabling various extensions, comparing cookie and privacy settings, etc, but haven't found any solution yet. Also, we're all remote, on different networks, etc, so it's not something specific to the local env.

We do all use Cloudflare WARP, however. Maybe related?

I assume the authentication goes through cookies. Tentatively moving to Networking Cookies, please move is there a better place to investigate this issue.

Component: Untriaged → Networking: Cookies
Product: Firefox → Core
  1. What version of fx are you on? Have you tried older versions to see if the problem went away?
  2. Do you notice the same behaviour in Private Browsing Mode?
  3. Do you notice the same behaviour if you try a fresh profile (use about:profiles)?
  4. How recent have you noticed the issue?
  5. Are you able to provide a snapshot of your cookie DB? Just the rows for the offending site/SSO provider (see host column). Ensure you are on the "broken profile" and you can find out where your cookies.sql is by checking about:support and it's in the directory indicated by Profile Directory. You can use a program like sqlitebrowser to open and export the rows of interest. Which you can email to necko@mozilla.com. You may want to modify the value columns for privacy/security reasons, but the name and other fields will be important to help us diagnose.
  6. (Only do this after already sending your db info, if you are able) Has clearing cookies on the offending site/SSO provider helped?

Thanks!

Flags: needinfo?(jabradford)
  1. Currently on 131.0.3 (aarch64) (build 20241011205646) on Macos (Darwin 23.6.0 Darwin Kernel Version 23.6.0: Wed Jul 31 20:49:39 PDT 2024; root:xnu-10063.141.1.700.5~1/RELEASE_ARM64_T6000) and I have seen the same issues on earlier versions. I don't have the exact list of versions or exactly when we first started noticing it.
  2. I have not tried it in Private Browsing Mode, as these are all authenticated SSO apps for work, starting with MFA auth in Google.
  3. I have not tried a fresh profile, but we have multiple users (on their own machines with their own installs and profiles) that have seen similar issues.
  4. Today. I see it to varying degrees every day or two.
  5. I'll email cookie info with the bug id.
  6. I'll try clearing all cookies later to see if that helps.

Thank you for taking a look at this!

Flags: needinfo?(jabradford)
You need to log in before you can comment on or make changes to this bug.