The default bug view has changed. See this FAQ.

Yahoo Mail login is broken (javascript reading of document.cookie returns nothing)

VERIFIED FIXED

Status

()

Core
Networking: Cookies
--
blocker
VERIFIED FIXED
14 years ago
14 years ago

People

(Reporter: Stephen Walker, Assigned: dwitte@gmail.com)

Tracking

({regression})

Trunk
regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

14 years ago
After bug 198751 was fixed, the problem of duplicate cookies is gone, but now 
the login just continually generates different .rand values and never succeeds 
in logging in. New cookie log at 
(http://home.bluemarble.net/~walk84/Mozilla/ck_ym.log)

Anyone that is triaging today's bug list, DO NOT dupe this bug to bug 198751.
(Reporter)

Comment 1

14 years ago
So..., after mvl asked me to set the disable cookies for mailnews pref to false,
user_pref("network.cookie.disableCookieForMailNews", false);, the login works.
It turns out that reading cookies with javascript is broken. document.cookies
always returns nothing. This will break lots of sites.
Summary: Yahoo Mail login is broken → Yahoo Mail login is broken (javascript reading of document.cookie returns nothing)

Comment 3

14 years ago
It also breaks http://imp.free.fr/ which uses IMP 2.2.6.
Keywords: regression

Comment 4

14 years ago
Is this is a dupe of bug 198751?

Comment 5

14 years ago
Benedikt: no, it isn't. that's why it says "DO NOT dupe this bug to bug 198751"
in the report!

Comment 6

14 years ago
FWIW, I can testify that it also busts My Netscape, eBay, and E*TRADE, among 
others... using 2003032108 on WinXP. Note that this build worked until I 
installed the 0322 nightly; since then I have tried re-installing, and even 
deleting my Mozilla directory and installing 0321 clean, but the bug persists, 
so it must have modified one of the user prefs or something...
As a workaround, you can enable cookies for mailnews. (preferences -> privacy ->
cookies)

Comment 8

14 years ago
confirmed this bug for build 2003032404, win98se;
the proposed workaround does nothing to alleviate problems with Yahoo! Mail.

Updated

14 years ago
Flags: blocking1.4a?
Created attachment 118338 [details] [diff] [review]
don't check for firstUri

When reading a cookie from javascript (nsCookieService::GetCookieString) there
is no firstUri. So when checking for mailnews blocking, firstUri is null. So it
is assumened the cookie comes from mailnews.
This patch restores the old behaviour that no firstUri is ok.

This might not be the correct thing to do, but it will fix the issues for now.
Attachment #118338 - Flags: superreview?(alecf)
Attachment #118338 - Flags: review?(darin)

Comment 10

14 years ago
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030324
and Camino Build ID: 2003032408 are both having problems accessing Yahoo Mail,
can not log in.
When I try to log in at Excite.com I get the following message:  "The browser
you're using is not allowing you to sign in to Excite.
Right now, your browser's settings are configured to disable cookies and/or
javascript. In order to access your account, you must change your browser's
settings to accept both cookies AND javascript." The link is:
http://www1.excite.com/security/0,17167,,00.html

Comment 11

14 years ago
dwitte needs to review this. We need to figure out why this pref is causing this
codepatch to fail - these are clearly not mail/news urls!

Comment 12

14 years ago
Comment on attachment 118338 [details] [diff] [review]
don't check for firstUri

yeah, this looks right to me.  unfortunate because it also means the "disable
cookies for mailnews" pref is not always honored, but that's how it was
previously and we still have an open bug on fixing that the right way. 
(requesting r= from dwitte)
Attachment #118338 - Flags: superreview?(alecf)
Attachment #118338 - Flags: superreview+
Attachment #118338 - Flags: review?(dwitte)
Attachment #118338 - Flags: review?(darin)
(Assignee)

Comment 13

14 years ago
Comment on attachment 118338 [details] [diff] [review]
don't check for firstUri

yeah, we knew this would probably break when we made the change; although I did
think we'd be able to pull a firstURI from somewhere even in the java case
(there's some evil nsIHttpInternal QI'ing going on in there...)

r=dwitte, looks like we have to revert until we can get it fixed properly :(
Attachment #118338 - Flags: review?(dwitte) → review+
(Assignee)

Comment 14

14 years ago
darin, alecf, someone: any chance one of you could check this in? thx!
(Assignee)

Comment 15

14 years ago
checked in by timeless @ 1108hrs
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED

Comment 16

14 years ago
Still broken in 

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325

(Assignee)

Comment 17

14 years ago
David: are you sure your build was made after 11.08 thismorning?

Comment 18

14 years ago
I can confirm that it is still broken in this build:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325

The disk image is time stamped 8:29AM

This issue for me affects Yahoo login, Excite login and dot Mac login.

Preferences are to accept all cookies.

Note: I am experiencing the same in Camino Build ID: 2003032408, todays build is
not posted, tinderbox shows many breaks for Camino.
(Assignee)

Comment 19

14 years ago
well, the fix was checked in @ 1108 thismorning, so it'll obviously still be
broken in any build before that...

testing results on a build made thisafternoon would be useful

Comment 20

14 years ago
Today's Win32 nightly (build 2003032508) works for me, and it was definitely not
working for me yesterday. Thanks for the quick fix.

Comment 21

14 years ago
Mike - that's interesting, because your build was made at 0800 (that's what the
08 on the end of the buildid is), and this fix wasn't made until 1108. your
mozilla build must be prescient... anyway, as long as it works.

if anyone is seeing this problem in a build later that 2003032512 (that is,
about 12pm on March 25th), then that's worth commenting on.  if you're using an
earlier build than that, then please don't comment...

Comment 22

14 years ago
According to the time stamp, the build was made after 1pm, several hours after
the fix was available. Regardless, it works.

Comment 23

14 years ago
I just grabbed the latest linux build 2003032517 and yahoo mail login is still
broken.  I think this needs to be reopened.
(Assignee)

Comment 24

14 years ago
scott: thanks for the info - looking into it. can you generate a cookie log for
your yahoo login, so we can find the failure reason?

if you're not sure how to generate a cookie log, see
http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1
(Assignee)

Comment 25

14 years ago
uhh, i see you're running linux, so those win32 instructions won't work, but i
guess you get the idea... ;)

Comment 26

14 years ago
Dan, here is the cookie log data you requested:
(Note this is only part of it but it just seems to repeat in a circular loop)

16384[809c7e8]: ===== COOKIE SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: cookie string: B=d2fa820v0n9ac&b=2&f=v;
I=ir=av&in=6a900a36&i1=AAAJA7BbC2DpFvMiMnMwP7CxACEqFTCzABemDDACUGUY; PU=t=1;
CRZY1=t=2
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE ACCEPTED =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: cookie string: CRZY1=t=1; expires=Fri, 28 Mar 2003 03:01:57 GMT;
domain=www.yahoo.com; path=/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: ----------------
16384[809c7e8]: name: CRZY1
16384[809c7e8]: value: t=1
16384[809c7e8]: domain: .www.yahoo.com
16384[809c7e8]: path: /
16384[809c7e8]: expires: Fri Mar 28 03:01:57 2003 GMT
16384[809c7e8]: is secure: false
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://us.i1.yimg.com/us.yimg.com/i/ww/m6v9.gif
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because originating server test failed

Comment 27

14 years ago
By the way, enabling cookies for mailnews still fixes the problem as the cookie
log suggested it would :-)
(Assignee)

Comment 28

14 years ago
okay, so i've double-checked things, and i don't really know what to say... the
failure condition the log shows is now impossible, unless the cookies really are
from mailnews _and_ they're not being set/read by javascript _and_ you have the
"block cookies from mailnews" pref set.

so i'm guessing the build time must be inaccurate; it must've been built before
the fix went in...

given that disabling "block cookies from mailnews" makes it work again, i'd
recommend you get a later build (if possible) and test that.

thanks for the quick response!

Comment 29

14 years ago
OK Dan, I'll grab a new build first thing tommorow and re-test, assuming mozilla
is still alive after all of tonights 1.4a crash landings ;-)
(Assignee)

Comment 30

14 years ago
heh, okay, thanks... in the meantime, i'll see if i can confirm before the
freeze tonight.

Comment 31

14 years ago
Camino Build ID: 2003032517 25-Mar-2003 22:57 has fixed the issues I had with
Yahoo, Excite and .Mac.

Thanks for the prompt fix.:)
(Assignee)

Comment 32

14 years ago
glad to hear it; thanks for confirming!

Comment 33

14 years ago
Dan, I can confirm that in this mornings linux build (2003032604) the bug IS
fixed.  Your theory on the bad build timestamp last night appears to have been
correct.

Comment 34

14 years ago
The latest Mozilla Mach-O is still 25-Mar-2003 08:29 (unpatched). Guess I'll use
Safari today instead.

Comment 35

14 years ago
2003032604 trunk

There are still some very bizarre things happening with Yahoo! mail. Try
replying to a message and then clicking "Return to message" after sending.
Instead of returning to the message you are returned to the mail composition
screen. Loggin out of Yahoo! Mail and back in brings you to a composition
screen. After following the above steps, there is no way to get the Inbox to
display without deleting all of the Yahoo! cookies and logging in again.
(Assignee)

Comment 36

14 years ago
*** Bug 199252 has been marked as a duplicate of this bug. ***
(Assignee)

Comment 37

14 years ago
Jerry: i'm unable to reproduce your problems on 2003032611. could you try
updating to the latest trunk?

if you still have problems, please file a new bug (and cc me), and provide the
following details:

a) all your cookie preferences (including javascript permissions)
b) a cookie log for your yahoo mail login (if you're running windows, you can
find instructions at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1).

thanks!
(Assignee)

Comment 38

14 years ago
*** Bug 199351 has been marked as a duplicate of this bug. ***

Updated

14 years ago
Flags: blocking1.4a?
(Assignee)

Comment 39

14 years ago
*** Bug 199233 has been marked as a duplicate of this bug. ***

Comment 40

14 years ago
*** Bug 199532 has been marked as a duplicate of this bug. ***

Comment 41

14 years ago
*** Bug 202083 has been marked as a duplicate of this bug. ***

Comment 42

14 years ago
*** Bug 202890 has been marked as a duplicate of this bug. ***

Comment 43

14 years ago
*** Bug 203236 has been marked as a duplicate of this bug. ***

Comment 44

14 years ago
It's been working great for me since the fix and others seem to share this
sentiment. Verifying.
Status: RESOLVED → VERIFIED

Comment 45

14 years ago
I'm CC'ed on this after I opened bug #99591.

Unfortunately, I still cannot login to my Leumi Bank account following
the fix: 1.4rc1 fails, while 1.3.1 works just fine.
If there is any debugging info I can provide, I'd be glad to do so,
but I'd need instruction on what and how.

It would be great if the bug is solved by 1.4, because for me not solving it
means I cannot move to 1.4.  I'm not allowed to reopen the bug, but I think
this should be the case.

(Assignee)

Comment 46

14 years ago
the issue you describe is different from this one - please open a new bug
report, and provide the following details:

1) the URL & steps to reproduce,

2) your cookie & javascript preferences
(Edit->Preferences->Privacy&Security->Cookies &
Edit->Preferences->Advanced->Scripts&Plugins);

3) if those look okay, a cookie log showing the login problem (instructions for
win32 can be found at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1,
same idea applies for linux)

if you could do that at your earliest convenience, that'd be great - if we have
a cookie regression, it'd be nice to fix before 1.4 ships ;)
(Assignee)

Comment 47

14 years ago
also, please assign the bug to me when you file it. thx!
You need to log in before you can comment on or make changes to this bug.