Closed Bug 198870 Opened 21 years ago Closed 21 years ago

Yahoo Mail login is broken (javascript reading of document.cookie returns nothing)

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: stdowa+bugzilla, Assigned: dwitte)

References

(
URL
)

Details

(Keywords: regression)

Attachments

(1 file)

don't check for firstUri
1.03 KB, patch
dwitte
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review 
After bug 198751 was fixed, the problem of duplicate cookies is gone, but now 
the login just continually generates different .rand values and never succeeds 
in logging in. New cookie log at 
(http://home.bluemarble.net/~walk84/Mozilla/ck_ym.log)

Anyone that is triaging today's bug list, DO NOT dupe this bug to bug 198751.
So..., after mvl asked me to set the disable cookies for mailnews pref to false,
user_pref("network.cookie.disableCookieForMailNews", false);, the login works.
It turns out that reading cookies with javascript is broken. document.cookies
always returns nothing. This will break lots of sites.
Summary: Yahoo Mail login is broken → Yahoo Mail login is broken (javascript reading of document.cookie returns nothing)
It also breaks http://imp.free.fr/ which uses IMP 2.2.6.
Keywords: regression
Is this is a dupe of bug 198751?
Benedikt: no, it isn't. that's why it says "DO NOT dupe this bug to bug 198751"
in the report!
FWIW, I can testify that it also busts My Netscape, eBay, and E*TRADE, among 
others... using 2003032108 on WinXP. Note that this build worked until I 
installed the 0322 nightly; since then I have tried re-installing, and even 
deleting my Mozilla directory and installing 0321 clean, but the bug persists, 
so it must have modified one of the user prefs or something...
As a workaround, you can enable cookies for mailnews. (preferences -> privacy ->
cookies)
confirmed this bug for build 2003032404, win98se;
the proposed workaround does nothing to alleviate problems with Yahoo! Mail.
Flags: blocking1.4a?
When reading a cookie from javascript (nsCookieService::GetCookieString) there
is no firstUri. So when checking for mailnews blocking, firstUri is null. So it
is assumened the cookie comes from mailnews.
This patch restores the old behaviour that no firstUri is ok.

This might not be the correct thing to do, but it will fix the issues for now.
Attachment #118338 - Flags: superreview?(alecf)
Attachment #118338 - Flags: review?(darin)
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030324
and Camino Build ID: 2003032408 are both having problems accessing Yahoo Mail,
can not log in.
When I try to log in at Excite.com I get the following message:  "The browser
you're using is not allowing you to sign in to Excite.
Right now, your browser's settings are configured to disable cookies and/or
javascript. In order to access your account, you must change your browser's
settings to accept both cookies AND javascript." The link is:
http://www1.excite.com/security/0,17167,,00.html

dwitte needs to review this. We need to figure out why this pref is causing this
codepatch to fail - these are clearly not mail/news urls!
Comment on attachment 118338 [details] [diff] [review]
don't check for firstUri

yeah, this looks right to me.  unfortunate because it also means the "disable
cookies for mailnews" pref is not always honored, but that's how it was
previously and we still have an open bug on fixing that the right way. 
(requesting r= from dwitte)
Attachment #118338 - Flags: superreview?(alecf)
Attachment #118338 - Flags: superreview+
Attachment #118338 - Flags: review?(dwitte)
Attachment #118338 - Flags: review?(darin)
Comment on attachment 118338 [details] [diff] [review]
don't check for firstUri

yeah, we knew this would probably break when we made the change; although I did
think we'd be able to pull a firstURI from somewhere even in the java case
(there's some evil nsIHttpInternal QI'ing going on in there...)

r=dwitte, looks like we have to revert until we can get it fixed properly :(
Attachment #118338 - Flags: review?(dwitte) → review+
darin, alecf, someone: any chance one of you could check this in? thx!
checked in by timeless @ 1108hrs
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Still broken in 

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325


David: are you sure your build was made after 11.08 thismorning?
I can confirm that it is still broken in this build:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325

The disk image is time stamped 8:29AM

This issue for me affects Yahoo login, Excite login and dot Mac login.

Preferences are to accept all cookies.

Note: I am experiencing the same in Camino Build ID: 2003032408, todays build is
not posted, tinderbox shows many breaks for Camino.
well, the fix was checked in @ 1108 thismorning, so it'll obviously still be
broken in any build before that...

testing results on a build made thisafternoon would be useful
Today's Win32 nightly (build 2003032508) works for me, and it was definitely not
working for me yesterday. Thanks for the quick fix.
Mike - that's interesting, because your build was made at 0800 (that's what the
08 on the end of the buildid is), and this fix wasn't made until 1108. your
mozilla build must be prescient... anyway, as long as it works.

if anyone is seeing this problem in a build later that 2003032512 (that is,
about 12pm on March 25th), then that's worth commenting on.  if you're using an
earlier build than that, then please don't comment...
According to the time stamp, the build was made after 1pm, several hours after
the fix was available. Regardless, it works.
I just grabbed the latest linux build 2003032517 and yahoo mail login is still
broken.  I think this needs to be reopened.
scott: thanks for the info - looking into it. can you generate a cookie log for
your yahoo login, so we can find the failure reason?

if you're not sure how to generate a cookie log, see
http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1
uhh, i see you're running linux, so those win32 instructions won't work, but i
guess you get the idea... ;)
Dan, here is the cookie log data you requested:
(Note this is only part of it but it just seems to repeat in a circular loop)

16384[809c7e8]: ===== COOKIE SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: cookie string: B=d2fa820v0n9ac&b=2&f=v;
I=ir=av&in=6a900a36&i1=AAAJA7BbC2DpFvMiMnMwP7CxACEqFTCzABemDDACUGUY; PU=t=1;
CRZY1=t=2
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE ACCEPTED =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: cookie string: CRZY1=t=1; expires=Fri, 28 Mar 2003 03:01:57 GMT;
domain=www.yahoo.com; path=/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: ----------------
16384[809c7e8]: name: CRZY1
16384[809c7e8]: value: t=1
16384[809c7e8]: domain: .www.yahoo.com
16384[809c7e8]: path: /
16384[809c7e8]: expires: Fri Mar 28 03:01:57 2003 GMT
16384[809c7e8]: is secure: false
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://us.i1.yimg.com/us.yimg.com/i/ww/m6v9.gif
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because originating server test failed

By the way, enabling cookies for mailnews still fixes the problem as the cookie
log suggested it would :-)
okay, so i've double-checked things, and i don't really know what to say... the
failure condition the log shows is now impossible, unless the cookies really are
from mailnews _and_ they're not being set/read by javascript _and_ you have the
"block cookies from mailnews" pref set.

so i'm guessing the build time must be inaccurate; it must've been built before
the fix went in...

given that disabling "block cookies from mailnews" makes it work again, i'd
recommend you get a later build (if possible) and test that.

thanks for the quick response!
OK Dan, I'll grab a new build first thing tommorow and re-test, assuming mozilla
is still alive after all of tonights 1.4a crash landings ;-)
heh, okay, thanks... in the meantime, i'll see if i can confirm before the
freeze tonight.
Camino Build ID: 2003032517 25-Mar-2003 22:57 has fixed the issues I had with
Yahoo, Excite and .Mac.

Thanks for the prompt fix.:)
glad to hear it; thanks for confirming!
Dan, I can confirm that in this mornings linux build (2003032604) the bug IS
fixed.  Your theory on the bad build timestamp last night appears to have been
correct.
The latest Mozilla Mach-O is still 25-Mar-2003 08:29 (unpatched). Guess I'll use
Safari today instead.
2003032604 trunk

There are still some very bizarre things happening with Yahoo! mail. Try
replying to a message and then clicking "Return to message" after sending.
Instead of returning to the message you are returned to the mail composition
screen. Loggin out of Yahoo! Mail and back in brings you to a composition
screen. After following the above steps, there is no way to get the Inbox to
display without deleting all of the Yahoo! cookies and logging in again.
*** Bug 199252 has been marked as a duplicate of this bug. ***
Jerry: i'm unable to reproduce your problems on 2003032611. could you try
updating to the latest trunk?

if you still have problems, please file a new bug (and cc me), and provide the
following details:

a) all your cookie preferences (including javascript permissions)
b) a cookie log for your yahoo mail login (if you're running windows, you can
find instructions at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1).

thanks!
*** Bug 199351 has been marked as a duplicate of this bug. ***
Flags: blocking1.4a?
*** Bug 199233 has been marked as a duplicate of this bug. ***
*** Bug 199532 has been marked as a duplicate of this bug. ***
*** Bug 202083 has been marked as a duplicate of this bug. ***
*** Bug 202890 has been marked as a duplicate of this bug. ***
*** Bug 203236 has been marked as a duplicate of this bug. ***
It's been working great for me since the fix and others seem to share this
sentiment. Verifying.
Status: RESOLVED → VERIFIED
I'm CC'ed on this after I opened bug #99591.

Unfortunately, I still cannot login to my Leumi Bank account following
the fix: 1.4rc1 fails, while 1.3.1 works just fine.
If there is any debugging info I can provide, I'd be glad to do so,
but I'd need instruction on what and how.

It would be great if the bug is solved by 1.4, because for me not solving it
means I cannot move to 1.4.  I'm not allowed to reopen the bug, but I think
this should be the case.


the issue you describe is different from this one - please open a new bug
report, and provide the following details:

1) the URL & steps to reproduce,

2) your cookie & javascript preferences
(Edit->Preferences->Privacy&Security->Cookies &
Edit->Preferences->Advanced->Scripts&Plugins);

3) if those look okay, a cookie log showing the login problem (instructions for
win32 can be found at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1,
same idea applies for linux)

if you could do that at your earliest convenience, that'd be great - if we have
a cookie regression, it'd be nice to fix before 1.4 ships ;)
also, please assign the bug to me when you file it. thx!
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: