Closed Bug 297490 Opened 20 years ago Closed 19 years ago

SSL elements (or other) being cached when browser.cache.disk_cache_ssl = false

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: majuki, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:needinfo]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

When loging into http://www.scotiaonline.com it allows first time without
incident.  If the browser is closed and re-opened and a second attempt is made
to login to the site it fails looping back to the start page with no error.  To
solve this I must go to another website, close scotiaonline.com and use clear
all in privacy options.  Note: tried doing clear cache only and does not work. 
Once clear all has been used loging in is possible once again.  This can be
easily reproduced, however may be difficult to solve as it is a bank's website.

Reproducible: Always

Steps to Reproduce:
1. Login to scotiaonline.com
2. Close browser
3. Re-open browser
4. Login to scotiaonline.com again

Actual Results:  
Fails, loops back to initial login page, no error message.

Expected Results:  
Logged into site.

Notes:  I believe this to be a problem with the code recognizing a previous
version of the site or some of its session information still being stored in the
browsers memory, because this is a problem with a highly secured site and may
relate to SSL being cashed I upped the severity, other than that it is easily
correctable and only results in minor loss of function.


InfoLister dump:

Last updated: Sun, 12 Jun 2005 17:32:48 GMT
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8)
Gecko/20050511 Firefox/1.0.4
Extensions (enabled: 58, disabled: 0)

    * A's Yahoo! mail notifier 0.6
    * Adblock 0.5.2.039
    * BetterSearch 1.8.5
    * ChatZilla 0.9.68a
    * Compact Menu 1.7.2
    * Context Highlight 0.2
    * CookieCuller 1.2.0
    * CuteMenus 0.4
    * Define Word 0.5.1
    * Dict 0.6.8
    * DictionarySearch 0.9.2
    * Disable Targets For Downloads 0.9
    * Download Manager Tweak 0.6.6
    * Download Statusbar 0.9.2
    * downTHEMall! 0.9.4
    * Enhanced History Manager 0.5.1.00
    * eWebMail Color and Graphics 2.13
    * FastDic 0.2.4
    * Flags 0.4
    * Forecastfox 0.7.9.2
    * FoxyTunes 1.1
    * Image Toolbar 0.5
    * Image Zoom 0.1.7
    * InfoLister 0.8.2
    * LastTab 1.1
    * Launchy 3.9.0
    * lget 0.1
    * Linkification 0.9.20
    * Location Navigator 0.3
    * LookAhead 1.4
    * MapIt! 0.4
    * miniT (drag+indicator) 0.5
    * Named anchors 0.15
    * NextPlease 0.6.3
    * Open link in... 1.3
    * OpenDownload 0.2.1
    * Print It! 0.3.1
    * Print Preview 0.4
    * QuickNote 0.6.0.1
    * Search Keys 0.6
    * SearchWP 0.4.3
    * SessionSaver .2 0.2.1.025
    * Show Image 0.3
    * Smiley Xtra 3.0.1
    * Sort Extensions 1.0
    * StockTicker 0.5.2
    * Stop-or-Reload Button 0.1
    * Super DragAndGo 0.2.4d1
    * SwiftTabs 0.3
    * Tabbrowser Preferences 1.2.5
    * TargetAlert 0.8.2
    * View Cookies 1.2
    * ViewSourceWith 0.0.7
    * WebmailCompose 0.6.1
    * Work Offline 0.6
    * xMirror 0.2
    * Flashblock 1.3.1
    * Launchy 4.0.0

Themes (1)

    * Firefox (default) 2.0 [selected]

Plugins (12)

    * Mozilla Default Plug-in
    * RealJukebox NS Plugin
    * RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
    * RealPlayer Version Plugin
    * QuickTime Plug-in 6.5.1
    * Adobe Acrobat
    * Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla
    * Shockwave for Director
    * Shockwave Flash
    * Java(TM) 2 Platform Standard Edition 5.0 Update 2
    * Microsoft® DRM
    * Windows Media Player Plug-in Dynamic Link Library
browser.cache.disk_cache_ssl defaults to false; does the fact that you mention
this prominently in the summary mean you've tried setting it to true and it
solves the problem? I'm guessing no and no: I think this is a red herring. (1:
the setting means we don't cache SSL, and 2) you cleared the cache anyway and it
didn't help)

When you say "the browser is closed" do you mean you exited Firefox (closing all
windows), or simply closed the Scotia window leaving others open? This is much
more likely a cookie issue, possibly an error on the site's part. Cookies would
be cleared when you select "clear all".

Since I don't have an account I can't test this further. It would be very
helpful if you created a cookie log following the instructions at
http://www.mozilla.org/projects/netlib/cookies/cookie-log.html

This is not sounding like a security problem.
Whiteboard: [sg:needinfo]
No response from reporter, making public so more people have a chance to test.
Group: security
Bug resolved in 1.5.x
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Status: RESOLVED → UNCONFIRMED
Resolution: FIXED → ---
WFM, since we don't know what fixed it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.