Last Comment Bug 198870 - Yahoo Mail login is broken (javascript reading of document.cookie returns nothing)
: Yahoo Mail login is broken (javascript reading of document.cookie returns not...
Status: VERIFIED FIXED
: regression
Product: Core
Classification: Components
Component: Networking: Cookies (show other bugs)
: Trunk
: All All
: -- blocker (vote)
: ---
Assigned To: dwitte@gmail.com
: Tom Everingham
Mentors:
https://login.yahoo.com/config/login?...
: 199233 199252 199351 199532 202083 202890 203236 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-03-23 11:43 PST by Stephen Walker
Modified: 2003-09-01 16:26 PDT (History)
25 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
don't check for firstUri (1.03 KB, patch)
2003-03-24 13:51 PST, Michiel van Leeuwen (email: mvl+moz@)
dwitte: review+
darin.moz: superreview+
Details | Diff | Review

Description Stephen Walker 2003-03-23 11:43:45 PST
After bug 198751 was fixed, the problem of duplicate cookies is gone, but now 
the login just continually generates different .rand values and never succeeds 
in logging in. New cookie log at 
(http://home.bluemarble.net/~walk84/Mozilla/ck_ym.log)

Anyone that is triaging today's bug list, DO NOT dupe this bug to bug 198751.
Comment 1 Stephen Walker 2003-03-23 11:54:08 PST
So..., after mvl asked me to set the disable cookies for mailnews pref to false,
user_pref("network.cookie.disableCookieForMailNews", false);, the login works.
Comment 2 Michiel van Leeuwen (email: mvl+moz@) 2003-03-23 12:02:35 PST
It turns out that reading cookies with javascript is broken. document.cookies
always returns nothing. This will break lots of sites.
Comment 3 Olivier Cahagne 2003-03-23 13:58:01 PST
It also breaks http://imp.free.fr/ which uses IMP 2.2.6.
Comment 4 Benedikt Kantus 2003-03-23 21:56:32 PST
Is this is a dupe of bug 198751?
Comment 5 Michael Lefevre 2003-03-24 08:15:54 PST
Benedikt: no, it isn't. that's why it says "DO NOT dupe this bug to bug 198751"
in the report!
Comment 6 meniscus 2003-03-24 08:59:38 PST
FWIW, I can testify that it also busts My Netscape, eBay, and E*TRADE, among 
others... using 2003032108 on WinXP. Note that this build worked until I 
installed the 0322 nightly; since then I have tried re-installing, and even 
deleting my Mozilla directory and installing 0321 clean, but the bug persists, 
so it must have modified one of the user prefs or something...
Comment 7 Michiel van Leeuwen (email: mvl+moz@) 2003-03-24 11:09:06 PST
As a workaround, you can enable cookies for mailnews. (preferences -> privacy ->
cookies)
Comment 8 Christopher Wanko 2003-03-24 11:42:42 PST
confirmed this bug for build 2003032404, win98se;
the proposed workaround does nothing to alleviate problems with Yahoo! Mail.
Comment 9 Michiel van Leeuwen (email: mvl+moz@) 2003-03-24 13:51:17 PST
Created attachment 118338 [details] [diff] [review]
don't check for firstUri

When reading a cookie from javascript (nsCookieService::GetCookieString) there
is no firstUri. So when checking for mailnews blocking, firstUri is null. So it
is assumened the cookie comes from mailnews.
This patch restores the old behaviour that no firstUri is ok.

This might not be the correct thing to do, but it will fix the issues for now.
Comment 10 Ed Goham 2003-03-24 15:30:52 PST
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030324
and Camino Build ID: 2003032408 are both having problems accessing Yahoo Mail,
can not log in.
When I try to log in at Excite.com I get the following message:  "The browser
you're using is not allowing you to sign in to Excite.
Right now, your browser's settings are configured to disable cookies and/or
javascript. In order to access your account, you must change your browser's
settings to accept both cookies AND javascript." The link is:
http://www1.excite.com/security/0,17167,,00.html
Comment 11 Alec Flett 2003-03-24 15:52:42 PST
dwitte needs to review this. We need to figure out why this pref is causing this
codepatch to fail - these are clearly not mail/news urls!
Comment 12 Darin Fisher 2003-03-24 18:03:31 PST
Comment on attachment 118338 [details] [diff] [review]
don't check for firstUri

yeah, this looks right to me.  unfortunate because it also means the "disable
cookies for mailnews" pref is not always honored, but that's how it was
previously and we still have an open bug on fixing that the right way. 
(requesting r= from dwitte)
Comment 13 dwitte@gmail.com 2003-03-24 22:12:44 PST
Comment on attachment 118338 [details] [diff] [review]
don't check for firstUri

yeah, we knew this would probably break when we made the change; although I did
think we'd be able to pull a firstURI from somewhere even in the java case
(there's some evil nsIHttpInternal QI'ing going on in there...)

r=dwitte, looks like we have to revert until we can get it fixed properly :(
Comment 14 dwitte@gmail.com 2003-03-24 22:41:13 PST
darin, alecf, someone: any chance one of you could check this in? thx!
Comment 15 dwitte@gmail.com 2003-03-25 11:08:50 PST
checked in by timeless @ 1108hrs
Comment 16 David Barr 2003-03-25 15:30:10 PST
Still broken in 

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325

Comment 17 dwitte@gmail.com 2003-03-25 15:46:34 PST
David: are you sure your build was made after 11.08 thismorning?
Comment 18 Ed Goham 2003-03-25 16:50:33 PST
I can confirm that it is still broken in this build:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030325

The disk image is time stamped 8:29AM

This issue for me affects Yahoo login, Excite login and dot Mac login.

Preferences are to accept all cookies.

Note: I am experiencing the same in Camino Build ID: 2003032408, todays build is
not posted, tinderbox shows many breaks for Camino.
Comment 19 dwitte@gmail.com 2003-03-25 16:53:15 PST
well, the fix was checked in @ 1108 thismorning, so it'll obviously still be
broken in any build before that...

testing results on a build made thisafternoon would be useful
Comment 20 Mike Stockman 2003-03-25 17:01:43 PST
Today's Win32 nightly (build 2003032508) works for me, and it was definitely not
working for me yesterday. Thanks for the quick fix.
Comment 21 Michael Lefevre 2003-03-25 17:10:56 PST
Mike - that's interesting, because your build was made at 0800 (that's what the
08 on the end of the buildid is), and this fix wasn't made until 1108. your
mozilla build must be prescient... anyway, as long as it works.

if anyone is seeing this problem in a build later that 2003032512 (that is,
about 12pm on March 25th), then that's worth commenting on.  if you're using an
earlier build than that, then please don't comment...
Comment 22 Mike Stockman 2003-03-25 18:27:49 PST
According to the time stamp, the build was made after 1pm, several hours after
the fix was available. Regardless, it works.
Comment 23 Scott Kester 2003-03-25 18:50:10 PST
I just grabbed the latest linux build 2003032517 and yahoo mail login is still
broken.  I think this needs to be reopened.
Comment 24 dwitte@gmail.com 2003-03-25 18:55:42 PST
scott: thanks for the info - looking into it. can you generate a cookie log for
your yahoo login, so we can find the failure reason?

if you're not sure how to generate a cookie log, see
http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1
Comment 25 dwitte@gmail.com 2003-03-25 18:56:54 PST
uhh, i see you're running linux, so those win32 instructions won't work, but i
guess you get the idea... ;)
Comment 26 Scott Kester 2003-03-25 19:06:38 PST
Dan, here is the cookie log data you requested:
(Note this is only part of it but it just seems to repeat in a circular loop)

16384[809c7e8]: ===== COOKIE SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: cookie string: B=d2fa820v0n9ac&b=2&f=v;
I=ir=av&in=6a900a36&i1=AAAJA7BbC2DpFvMiMnMwP7CxACEqFTCzABemDDACUGUY; PU=t=1;
CRZY1=t=2
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE ACCEPTED =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: cookie string: CRZY1=t=1; expires=Fri, 28 Mar 2003 03:01:57 GMT;
domain=www.yahoo.com; path=/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: ----------------
16384[809c7e8]: name: CRZY1
16384[809c7e8]: value: t=1
16384[809c7e8]: domain: .www.yahoo.com
16384[809c7e8]: path: /
16384[809c7e8]: expires: Fri Mar 28 03:01:57 2003 GMT
16384[809c7e8]: is secure: false
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://www.yahoo.com/
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because cookies disabled for mailnews
16384[809c7e8]:
16384[809c7e8]: ===== COOKIE NOT SENT =====
16384[809c7e8]: request URL: http://us.i1.yimg.com/us.yimg.com/i/ww/m6v9.gif
16384[809c7e8]: current time: Wed Mar 26 03:01:57 2003 GMT
16384[809c7e8]: rejected because originating server test failed
Comment 27 Scott Kester 2003-03-25 19:16:22 PST
By the way, enabling cookies for mailnews still fixes the problem as the cookie
log suggested it would :-)
Comment 28 dwitte@gmail.com 2003-03-25 19:17:37 PST
okay, so i've double-checked things, and i don't really know what to say... the
failure condition the log shows is now impossible, unless the cookies really are
from mailnews _and_ they're not being set/read by javascript _and_ you have the
"block cookies from mailnews" pref set.

so i'm guessing the build time must be inaccurate; it must've been built before
the fix went in...

given that disabling "block cookies from mailnews" makes it work again, i'd
recommend you get a later build (if possible) and test that.

thanks for the quick response!
Comment 29 Scott Kester 2003-03-25 19:28:26 PST
OK Dan, I'll grab a new build first thing tommorow and re-test, assuming mozilla
is still alive after all of tonights 1.4a crash landings ;-)
Comment 30 dwitte@gmail.com 2003-03-25 19:31:55 PST
heh, okay, thanks... in the meantime, i'll see if i can confirm before the
freeze tonight.
Comment 31 Ed Goham 2003-03-26 01:42:32 PST
Camino Build ID: 2003032517 25-Mar-2003 22:57 has fixed the issues I had with
Yahoo, Excite and .Mac.

Thanks for the prompt fix.:)
Comment 32 dwitte@gmail.com 2003-03-26 01:48:09 PST
glad to hear it; thanks for confirming!
Comment 33 Scott Kester 2003-03-26 06:13:51 PST
Dan, I can confirm that in this mornings linux build (2003032604) the bug IS
fixed.  Your theory on the bad build timestamp last night appears to have been
correct.
Comment 34 Frankie 2003-03-26 06:52:56 PST
The latest Mozilla Mach-O is still 25-Mar-2003 08:29 (unpatched). Guess I'll use
Safari today instead.
Comment 35 Jerry Baker 2003-03-26 10:50:31 PST
2003032604 trunk

There are still some very bizarre things happening with Yahoo! mail. Try
replying to a message and then clicking "Return to message" after sending.
Instead of returning to the message you are returned to the mail composition
screen. Loggin out of Yahoo! Mail and back in brings you to a composition
screen. After following the above steps, there is no way to get the Inbox to
display without deleting all of the Yahoo! cookies and logging in again.
Comment 36 dwitte@gmail.com 2003-03-26 12:46:30 PST
*** Bug 199252 has been marked as a duplicate of this bug. ***
Comment 37 dwitte@gmail.com 2003-03-26 13:11:30 PST
Jerry: i'm unable to reproduce your problems on 2003032611. could you try
updating to the latest trunk?

if you still have problems, please file a new bug (and cc me), and provide the
following details:

a) all your cookie preferences (including javascript permissions)
b) a cookie log for your yahoo mail login (if you're running windows, you can
find instructions at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1).

thanks!
Comment 38 dwitte@gmail.com 2003-03-26 14:43:22 PST
*** Bug 199351 has been marked as a duplicate of this bug. ***
Comment 39 dwitte@gmail.com 2003-03-26 17:18:27 PST
*** Bug 199233 has been marked as a duplicate of this bug. ***
Comment 40 Ian Neal 2003-03-27 15:05:21 PST
*** Bug 199532 has been marked as a duplicate of this bug. ***
Comment 41 Max Alekseyev 2003-04-15 03:37:33 PDT
*** Bug 202083 has been marked as a duplicate of this bug. ***
Comment 42 Olivier Cahagne 2003-04-22 09:43:59 PDT
*** Bug 202890 has been marked as a duplicate of this bug. ***
Comment 43 Olivier Cahagne 2003-04-24 15:29:44 PDT
*** Bug 203236 has been marked as a duplicate of this bug. ***
Comment 44 Steve Wardell 2003-04-24 15:39:34 PDT
It's been working great for me since the fix and others seem to share this
sentiment. Verifying.
Comment 45 Ariel Tankus 2003-06-01 23:43:37 PDT
I'm CC'ed on this after I opened bug #99591.

Unfortunately, I still cannot login to my Leumi Bank account following
the fix: 1.4rc1 fails, while 1.3.1 works just fine.
If there is any debugging info I can provide, I'd be glad to do so,
but I'd need instruction on what and how.

It would be great if the bug is solved by 1.4, because for me not solving it
means I cannot move to 1.4.  I'm not allowed to reopen the bug, but I think
this should be the case.

Comment 46 dwitte@gmail.com 2003-06-02 00:03:34 PDT
the issue you describe is different from this one - please open a new bug
report, and provide the following details:

1) the URL & steps to reproduce,

2) your cookie & javascript preferences
(Edit->Preferences->Privacy&Security->Cookies &
Edit->Preferences->Advanced->Scripts&Plugins);

3) if those look okay, a cookie log showing the login problem (instructions for
win32 can be found at http://bugzilla.mozilla.org/show_bug.cgi?id=193951#c1,
same idea applies for linux)

if you could do that at your earliest convenience, that'd be great - if we have
a cookie regression, it'd be nice to fix before 1.4 ships ;)
Comment 47 dwitte@gmail.com 2003-06-02 00:04:22 PDT
also, please assign the bug to me when you file it. thx!

Note You need to log in before you can comment on or make changes to this bug.