Closed Bug 198870 Opened 22 years ago Closed 22 years ago

Yahoo Mail login is broken (javascript reading of document.cookie returns nothing)

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: stdowa+bugzilla, Assigned: dwitte)

References

(
URL
)

Details

(Keywords: regression)

Attachments

(1 file)

don't check for firstUri
1.03 KB, patch
dwitte
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
After bug 198751 was fixed, the problem of duplicate cookies is gone, but now the login just continually generates different .rand values and never succeeds in logging in. New cookie log at (http://home.bluemarble.net/~walk84/Mozilla/ck_ym.log) Anyone that is triaging today's bug list, DO NOT dupe this bug to bug 198751.
So..., after mvl asked me to set the disable cookies for mailnews pref to false, user_pref("network.cookie.disableCookieForMailNews", false);, the login works.
It turns out that reading cookies with javascript is broken. document.cookies always returns nothing. This will break lots of sites.
Summary: Yahoo Mail login is broken → Yahoo Mail login is broken (javascript reading of document.cookie returns nothing)
It also breaks http://imp.free.fr/ which uses IMP 2.2.6.
Keywords: regression
Is this is a dupe of bug 198751?
Benedikt: no, it isn't. that's why it says "DO NOT dupe this bug to bug 198751" in the report!
FWIW, I can testify that it also busts My Netscape, eBay, and E*TRADE, among others... using 2003032108 on WinXP. Note that this build worked until I installed the 0322 nightly; since then I have tried re-installing, and even deleting my Mozilla directory and installing 0321 clean, but the bug persists, so it must have modified one of the user prefs or something...
As a workaround, you can enable cookies for mailnews. (preferences -> privacy -> cookies)
confirmed this bug for build 2003032404, win98se; the proposed workaround does nothing to alleviate problems with Yahoo! Mail.
Flags: blocking1.4a?
Attached patch don't check for firstUri — — Splinter Review
When reading a cookie from javascript (nsCookieService::GetCookieString) there is no firstUri. So when checking for mailnews blocking, firstUri is null. So it is assumened the cookie comes from mailnews. This patch restores the old behaviour that no firstUri is ok. This might not be the correct thing to do, but it will fix the issues for now.
Attachment #118338 - Flags: superreview?(alecf)
Attachment #118338 - Flags: review?(darin)
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030324 and Camino Build ID: 2003032408 are both having problems accessing Yahoo Mail, can not log in. When I try to log in at Excite.com I get the following message: "The browser you're using is not allowing you to sign in to Excite. Right now, your browser's settings are configured to disable cookies and/or javascript. In order to access your account, you must change your browser's settings to accept both cookies AND javascript." The link is: http://www1.excite.com/security/0,17167,,00.html
dwitte needs to review this. We need to figure out why this pref is causing this codepatch to fail - these are clearly not mail/news urls!
Comment on attachment 118338 [details] [diff] [review] don't check for firstUri yeah, this looks right to me. unfortunate because it also means the "disable cookies for mailnews" pref is not always honored, but that's how it was previously and we still have an open bug on fixing that the right way. (requesting r= from dwitte)
Attachment #118338 - Flags: superreview?(alecf)
Attachment #118338 - Flags: superreview+
Attachment #118338 - Flags: review?(dwitte)
Attachment #118338 - Flags: review?(darin)
Comment on attachment 118338 [details] [diff] [review] don't check for firstUri yeah, we knew this would probably break when we made the change; although I did think we'd be able to pull a firstURI from somewhere even in the java case (there's some evil nsIHttpInternal QI'ing going on in there...) r=dwitte, looks like we have to revert until we can get it fixed properly :(
Attachment #118338 - Flags: review?(dwitte) → review+
darin, alecf, someone: any chance one of you could check this in? thx!
checked in by timeless @ 1108hrs
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Still broken in Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325
David: are you sure your build was made after 11.08 thismorning?
I can confirm that it is still broken in this build: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325 The disk image is time stamped 8:29AM This issue for me affects Yahoo login, Excite login and dot Mac login. Preferences are to accept all cookies. Note: I am experiencing the same in Camino Build ID: 2003032408, todays build is not posted, tinderbox shows many breaks for Camino.
well, the fix was checked in @ 1108 thismorning, so it'll obviously still be broken in any build before that... testing results on a build made thisafternoon would be useful
Today's Win32 nightly (build 2003032508) works for me, and it was definitely not working for me yesterday. Thanks for the quick fix.
Mike - that's interesting, because your build was made at 0800 (that's what the 08 on the end of the buildid is), and this fix wasn't made until 1108. your mozilla build must be prescient... anyway, as long as it works. if anyone is seeing this problem in a build later that 2003032512 (that is, about 12pm on March 25th), then that's worth commenting on. if you're using an earlier build than that, then please don't comment...
According to the time stamp, the build was made after 1pm, several hours after the fix was available. Regardless, it works.
I just grabbed the latest linux build 2003032517 and yahoo mail login is still broken. I think this needs to be reopened.
scott: thanks for the info - looking into it. can you generate a cookie log for your yahoo login, so we can find the failure reason? if you're not sure how to generate a cookie log, see http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1
uhh, i see you're running linux, so those win32 instructions won't work, but i guess you get the idea... ;)
Dan, here is the cookie log data you requested: (Note this is only part of it but it just seems to repeat in a circular loop) 16384[809c7e8]: ===== COOKIE SENT ===== 16384[809c7e8]: request URL: http://www.yahoo.com/ 16384[809c7e8]: cookie string: B=d2fa820v0n9ac&b=2&f=v; I=ir=av&in=6a900a36&i1=AAAJA7BbC2DpFvMiMnMwP7CxACEqFTCzABemDDACUGUY; PU=t=1; CRZY1=t=2 16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT 16384[809c7e8]: 16384[809c7e8]: ===== COOKIE NOT SENT ===== 16384[809c7e8]: request URL: http://www.yahoo.com/ 16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT 16384[809c7e8]: rejected because cookies disabled for mailnews 16384[809c7e8]: 16384[809c7e8]: ===== COOKIE NOT SENT ===== 16384[809c7e8]: request URL: http://www.yahoo.com/ 16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT 16384[809c7e8]: rejected because cookies disabled for mailnews 16384[809c7e8]: 16384[809c7e8]: ===== COOKIE ACCEPTED ===== 16384[809c7e8]: request URL: http://www.yahoo.com/ 16384[809c7e8]: cookie string: CRZY1=t=1; expires=Fri, 28 Mar 2003 03:01:57 GMT; domain=www.yahoo.com; path=/ 16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT 16384[809c7e8]: ---------------- 16384[809c7e8]: name: CRZY1 16384[809c7e8]: value: t=1 16384[809c7e8]: domain: .www.yahoo.com 16384[809c7e8]: path: / 16384[809c7e8]: expires: Fri Mar 28 03:01:57 2003 GMT 16384[809c7e8]: is secure: false 16384[809c7e8]: 16384[809c7e8]: ===== COOKIE NOT SENT ===== 16384[809c7e8]: request URL: http://www.yahoo.com/ 16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT 16384[809c7e8]: rejected because cookies disabled for mailnews 16384[809c7e8]: 16384[809c7e8]: ===== COOKIE NOT SENT ===== 16384[809c7e8]: request URL: http://us.i1.yimg.com/us.yimg.com/i/ww/m6v9.gif 16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT 16384[809c7e8]: rejected because originating server test failed
By the way, enabling cookies for mailnews still fixes the problem as the cookie log suggested it would :-)
okay, so i've double-checked things, and i don't really know what to say... the failure condition the log shows is now impossible, unless the cookies really are from mailnews _and_ they're not being set/read by javascript _and_ you have the "block cookies from mailnews" pref set. so i'm guessing the build time must be inaccurate; it must've been built before the fix went in... given that disabling "block cookies from mailnews" makes it work again, i'd recommend you get a later build (if possible) and test that. thanks for the quick response!
OK Dan, I'll grab a new build first thing tommorow and re-test, assuming mozilla is still alive after all of tonights 1.4a crash landings ;-)
heh, okay, thanks... in the meantime, i'll see if i can confirm before the freeze tonight.
Camino Build ID: 2003032517 25-Mar-2003 22:57 has fixed the issues I had with Yahoo, Excite and .Mac. Thanks for the prompt fix.:)
glad to hear it; thanks for confirming!
Dan, I can confirm that in this mornings linux build (2003032604) the bug IS fixed. Your theory on the bad build timestamp last night appears to have been correct.
The latest Mozilla Mach-O is still 25-Mar-2003 08:29 (unpatched). Guess I'll use Safari today instead.
2003032604 trunk There are still some very bizarre things happening with Yahoo! mail. Try replying to a message and then clicking "Return to message" after sending. Instead of returning to the message you are returned to the mail composition screen. Loggin out of Yahoo! Mail and back in brings you to a composition screen. After following the above steps, there is no way to get the Inbox to display without deleting all of the Yahoo! cookies and logging in again.
*** Bug 199252 has been marked as a duplicate of this bug. ***
Jerry: i'm unable to reproduce your problems on 2003032611. could you try updating to the latest trunk? if you still have problems, please file a new bug (and cc me), and provide the following details: a) all your cookie preferences (including javascript permissions) b) a cookie log for your yahoo mail login (if you're running windows, you can find instructions at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1). thanks!
*** Bug 199351 has been marked as a duplicate of this bug. ***
Flags: blocking1.4a?
*** Bug 199233 has been marked as a duplicate of this bug. ***
*** Bug 199532 has been marked as a duplicate of this bug. ***
*** Bug 202083 has been marked as a duplicate of this bug. ***
*** Bug 202890 has been marked as a duplicate of this bug. ***
*** Bug 203236 has been marked as a duplicate of this bug. ***
It's been working great for me since the fix and others seem to share this sentiment. Verifying.
Status: RESOLVED → VERIFIED
I'm CC'ed on this after I opened bug #99591. Unfortunately, I still cannot login to my Leumi Bank account following the fix: 1.4rc1 fails, while 1.3.1 works just fine. If there is any debugging info I can provide, I'd be glad to do so, but I'd need instruction on what and how. It would be great if the bug is solved by 1.4, because for me not solving it means I cannot move to 1.4. I'm not allowed to reopen the bug, but I think this should be the case.
the issue you describe is different from this one - please open a new bug report, and provide the following details: 1) the URL & steps to reproduce, 2) your cookie & javascript preferences (Edit->Preferences->Privacy&Security->Cookies & Edit->Preferences->Advanced->Scripts&Plugins); 3) if those look okay, a cookie log showing the login problem (instructions for win32 can be found at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1, same idea applies for linux) if you could do that at your earliest convenience, that'd be great - if we have a cookie regression, it'd be nice to fix before 1.4 ships ;)
also, please assign the bug to me when you file it. thx!
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: