216578 - secure(?) Cookies failed

Status: RESOLVED WORKSFORME

(Core :: Networking: Cookies, defect)

Description

[Bugzilla]

User-Agent:       Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5a) Gecko/20030718
Build Identifier: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.5a) Gecko/20030718


The https server complaints about that cookies are blocked.
But cookies are not blocked!
(tried with proxy and with direct internet connection)



Reproducible: Always

Steps to Reproduce:

To reproduce:
1. Clear all cookies in Cooki manager (only to make clear that a new cookie ist set)

2.https://brokerage.comdirect.de/brokerage/login/cori0004_login.jsp?permissionId=memberdatamaintenance&errorCode=0
  Or use the yellow button at http://www.comdirect.de/.

3. 2 Login formulars occurs side by side

4. After 5 sec an error message claims, that cookies are not enable.
But a cookie is set, 

5. according to cookie manager:
Name: jsession
Content:C155MXJVMDY3VNPJNI5SLRQ
Host: brokerage.comdirect.de
Path: /
Server Secure: yes
Expires: at end of session
Policy: no policy about storing identifiable information








Actual Results:  


a)Error Message:
Cookies deaktiviert 	 
In Ihrem Internet Browser ist die Nutzung von Cookies deaktiviert. Die Nutzung
des Persönlichen Bereichs ist daher leider nicht möglich.
 
Zur Nutzung müssen mindestens sog. Session-Cookies (Sitzungscookies) zugelassen
sein. Bitte aktivieren Sie dies in Ihrem Internet-Browser. Weitere Hinweise über
Cookies und wie Sie diese aktivieren können, finden Sie in den FAQ zur neuen
Website.



Expected Results:  
Something like the login https://brokerage.comdirect.de/
(That login works because it does not require the jsession cookie.
But one half of the login is greayed out and disabled) 

The web page is a redesign of the old comdirect.
They actually claims to support Mozilla now!
 
Some time before that login works but with "Server Secure: no".
But the yellow "Login"-key did not turn into a "Logout" key as
it should when the logged-in cookie ist set.

Using IE6.0 under NT4 or Mozilla 1.4 under W2K the page works including
switching "login" to "logout"

Comment 1

[Darin Fisher]

reporter: can you please capture a cookie log for us?  here's the steps:

Make sure Mozilla is not running (be sure that Quick Launch is disabled). Then
open a DOS prompt, and type the following (this example assumes that you have
installed Mozilla in the default location):

  C:\> set NSPR_LOG_MODULES=cookie:5
  C:\> set NSPR_LOG_FILE=C:\log.txt

  C:\> cd "Program Files\mozilla.org\Mozilla"
  C:\Program Files\mozilla.org\Mozilla\> .\mozilla.exe

Now reproduce the login scenario, and when you are done exit Mozilla and look
for the generated log file: C:\log.txt

Please upload C:\log.txt to this bug report or feel free to email it to me
directly.  Also, you may want to inspect and/or touch-up the log file to make
sure that it does not include any sensitive/private information about yourself.
Thanks!!

Comment 2

[Bugzilla]

Attachment: The requested cookie log file

See attachment

Comment 3

[dwitte@gmail.com]

the cookie log isn't too helpful here, since it doesn't list the instances where
the cookie wasn't sent... a log for the same situation, but generated using 1.4,
would be really helpful to compare against.

Comment 4

[Bugzilla]

Tried as told with 1.5a with 1.4:

c:\log.txt stays empty! (But the error message about does not occure)

But:
To reproduce the problem you don't need any login information.
You can test it on your own, which saves a lot of time.

Thanks for the fast responses.

Comment 5

[Bugzilla]

comdirect have changed the login page!
Now the right login frame is always deactivated 
so the problem can't be reproduced any more.

Comment 6

[Bugzilla]

The problematic dual login page can now be found at

https://brokerage.comdirect.de/index.jsp?ziel=duallogin

The described problem with the cookies and 1.5a does not occur any more.
It seems to be fixed on server side.

Problem may be closed for mozilla.

Comment 7

[Mike Connor [:mconnor]]

resolving WORKSFORME based on reporter's comments.