Closed Bug 306429 Opened 19 years ago Closed 19 years ago

Camino accepts cookies it is not supposed to

Categories

(Camino Graveyard :: General, defect)

Product:
Camino Graveyard
Component:
General
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME

People

(Reporter: hahn, Assigned: mikepinkerton)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050718 Camino/0.9a2
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050718 Camino/0.9a2

1. Camino accepts all sorts of cookies without asking (eg. from doubleclick.net,
tradedoubler.com etc.) even though these sites are not listed in cookie
exception list.

2. Camino ignores the network.cookie.lifetimePolicy preferences. A value of "2"
means session only, yet all cookies are stored permanently.

Reproducible: Always

Steps to Reproduce:
1. Set the following preferences:
   network.cookie.cookieBehavior=0
   network.cookie.lifetimePolicy=2
2. Empty Preferences->Privacy->Edit Exception List
3. Surf some sites, accepting only the cookies needed, e.g. from mozilla.org
4. Close Camino and restart.

Actual Results:  
Camino stores several cookies from sites such as doubleclick.net,
tradedoubler.com etc. even though
1. Camino was never allowed to accept them in and
2. Camino should have deleted any cookie after closing.

Expected Results:  
1. Accept only cookies that the user accepts.
2. Delete all cookies on exit if network.cookie.lifetimePolicy=2.


I consider this bug "Major" since it gives the user a wrong feeling of privacy
while advertising sites are allowed to profile the user.
One issue per bug, please.
OK, issue number two is now bug 306542. This bug is about Camino accepting
cookies even though it is supposed to reject them.

I'll try to come up with a testcase.
Summary: cookie management broken → Camino accepts cookies it is not supposed to
network.cookie.cookieBehavior = 0 means accept all cookies so if you set that
accepting all cookies is the right behavior.
OK, maybe leave this bug for a while until I have a site to demonstrate it.
Do you have a site that demonstates this yet?
Whiteboard: need info
Thanx for asking. Yes, I have I URL now and I suspect it is related to
suppressed ads. Partially related to JavaScript.

Steps to reproduce:
1. Set prefs to accept cookies from any site, check "ask before accepting".
   Set prefs to block web ads and pop-ups. Enable/Disable JavaScript.
2. Clear cookies and Exceptions List
3. Visit http://www.map24.com
4. When asked whether to accept a cookie from map24.com, deny and remember.

Expected results:
Camino asks whether to accept cookies from .as-eu.falkag.net and map24.ivwbox.de
and acts accordingly.

Actual results:
Camino stores one cookie from map24.ivwbox.de (a site meter) without asking and
ads map24.ivwbox.de to the Cookie Exception List with status "Allow".

If JavaScript is enabled, Camino stores in addtion various cookies from
.as-eu.falkag.net (an ad farm) without asking and ads a.as-eu.falkag.net to the
Cookie Exception List with status "Allow".

Regression:
Actual results may vary if connecting from outside Germany, but probably some
cookies will be set.
URL: http://www.map24.com
I can't reproduce this at all.  Camino 2005092304 (v1.0a1+), fresh profile
before each test.

No JS: I was asked if I wanted to accept cookies from www.us.map24.com and
map24.ivwbox.de; I chose deny and remember on both, and they both appeared in
the deny list.  There were no cookies saved.

With JS: I was asked if I wanted to accept cookies from www.us.map24.com,
map24.ivwbox.de, and servedby.advertising.com; I chose deny and remember on
each, and all three appeared in the deny list.  There were no cookies saved.


Torben, can you take a look and see if being in Europe gets you different
sites/cookies (the falkag stuff) and perhaps those particular cookies get by
somehow?
Whiteboard: need info
Just checked a couple of revisions. Seems to me that this bug appeared somewhere
between 0.84 and 0.9a2 and got fixed since.

0.84: Correct behavior
0.9a2: This bug
latest nightly: apparently fixed.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Reopening to close WFM since we can't finger a specific checkin for the fix.
Status: RESOLVED → UNCONFIRMED
Resolution: FIXED → ---
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → WORKSFORME
I'd like this bug fix to be confirmed.  See  www.macosrumors.com  for a possible example of the bug in action.
I definitely can't reproduce the original problem, nor can I reproduce anything similar on http://www.macosrumors.com/

Verifying.

cl
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.