Closed Bug 276557 Opened 20 years ago Closed 20 years ago

Washington Mutual Session Cookie Issues?

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 263057

People

(Reporter: arcani, Assigned: bugzilla)

References

(
URL
)

Details

SUMMARY:
It appears that Washington Mutual (aka WAMU) has recently changed how their ASP
based site handles Session Cookies? The tech support person at WAMU told me WAMU
had filed a bug report with Mozilla, but I can't find it, that Firefox needs to
"fix" how Firefox 1.0 handles Session Cookies with WAMU's new site.

However, I am **still** able to access WAMU with my existing User ID with:
Firefox build 20040803 Firefox/0.9.3.  :-O

This bug report was observed when using pre-built MSI installer:
20041230 Firefox/1.0+ on Windows 2000 Pro SP4

ISSUE:
Can't logon with existing User ID or create new User ID at:
https://login.business.wamu.com/logon/logon.asp

STEPS TO REPRODUCE:
1) Goto: https://login.business.wamu.com/logon/logon.asp
2) Click on "create User ID" button
3) Click on "sign up now" button; This will take you to:
https://login.business.wamu.com/registration/CreateLogonEntry.asp
4) Input information into the required fields to create a new user ID. Making
sure to read User ID and password requirements (password >8; must contain at
least 1 alpha + 1 numeric)
5) Click on "next" button

EXPECTED RESULTS:
A confirmation page to confirm the creation of the new user ID

ACTUAL RESULTS:
Redirected back to:
https://login.business.wamu.com/registration/CreateLogonEntry.asp

With following error information on the same page:

Some of the information you entered is missing or incorrect. Please check all
highlighted messages below.

    * Please enter letters and numbers in First Name. The following are some of
the special characters that are not allowed: < > | } { [ ]
    * Please enter letters and numbers in Last Name. The following are some of
the special characters that are not allowed: < > | } { [ ]
    * Please select Date of Birth (Month).
    * Please select Date of Birth (Day).
    * Please enter Date of Birth (Year).
    * Please enter a valid email in E-Mail Address.
    * Please enter a valid email in E-Mail Address Confirmation.
    * Please enter a valid User ID, 6 - 32 characters long with no spaces in
User ID. The following special characters are allowed: ! # $ , - . _ Do not
create a User ID containing 9, 16 or 17 numbers, such as your Social Security
number or ATM card number.
    * Please enter a valid password in Password. Passwords must contain at least
one letter, one number, and be 8-32 characters long with no spaces. The
following special characters are allowed: ! # $ , - . _
    * Please enter a valid password in Password Confirmation. Passwords must
contain at least one letter, one number, and be 8-32 characters long with no
spaces. The following special characters are allowed: ! # $ , - . _

NOTES: OS X 10.3 with Safari 1.2.4 (v125.12) works correctly with updated WAMU site

Hope this is fixed in FF 1.0 soon, so I can login to my account again. ;-P
ok... I don't understand why reloading the page after submitting the bug created
Bug #276558 and #276559... :-/
*** Bug 276558 has been marked as a duplicate of this bug. ***
*** Bug 276559 has been marked as a duplicate of this bug. ***
After more digging around, found Bug# 272378 (and Bug# 263057):

>The problem is that Firefox really, really wants a copy of
>https://login.personal.wamu.com/favicon.ico so it requests it with every
>pageview, and every time gets redirected to
>https://login.personal.wamu.com/logon/logon.asp?dd=1 where it gets a full new
>set of cookies.
>
>Client-side workaround: go to the URL about:config and set
>browser.chrome.favicons to false by double-clicking it.

>Server-side workaround: either put a favicon.ico there where we so desperately
>want one, or at least ensure that it doesn't redirect to somewhere that will
>give a fresh set of session cookies.

WORKAROUND CONFIRMED:
browser.chrome.favicons = false

Will enable me to logon with Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.7.5) Gecko/20041107 Firefox/1.0

Confirmed the default for FF 0.9.3 is browser.chrome.favicons = true. BUT, why
does FF 0.9.3 work correctly, but FF 1.0 and FF 1.0+ doesn't?!?! ug!

After reading Bug# 263057, no one has acknowledged that FF 0.9.3 doesn't require
a client site workaround like FF 1.0 does.

I concur with Mark Jackson:
https://bugzilla.mozilla.org/show_bug.cgi?id=263057#c17
>Certainly looks like it.  I have just tested real 1.0 on the US HSBC site and
>confirmed that the undesirable behavior is unchanged.  Setting
>browser.chrome.favicons = false is an effective workaround, but one not likely
>to occur to the average new user who finds 1.0 won't work with his or her bank
>site!  Can we get some action on this for 1.1?

*** This bug has been marked as a duplicate of 263057 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
(In reply to comment #5)
> 
> *** This bug has been marked as a duplicate of 263057 ***

Thanks! We just had a Mid Air Collision!!! hahaa I was marking this a dup of
Bug# 263057
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.