Improper handling of cookie exceptions that have exceptions

RESOLVED DUPLICATE of bug 317229

Status

()

RESOLVED DUPLICATE of bug 317229
12 years ago
11 years ago

People

(Reporter: thebugreporter, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5

This is a bug I've been wanting to report for a long time, but I only now found a decent site with which to illustrate it properly.  Sorry about the length of this, but it's necessary to fully understand where the bug is.

Diagnostic Sequence I
---------------------
Steps to Perform:
1. Create a new profile with no extensions (except DOM Inspector).
2. Run Firefox using this new profile.
3. Go to <http://www.bigfishgames.com/online-games/index.html>.

Observed Behavior:
a. The page sent from the site requests an eMail address.

Steps (continued):
4. Enter a valid-looking eMail address and click "Submit".

Behavior (continued):
b. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, cookies for ".bigfishgames.com" named "cookie_ol_passthru" (which expires five years from now), and "OAX" (which expires 2020/12/31).
c. The page sent from the site lists available games.

Steps (continued):
5. Delete all cookies except the one for ".bigfishgames.com" named "cookie_ol_passthru".
6. Restart Firefox using the same profile.

Behavior (continued):
d. Tools | Options | Privacy | Cookies | Show Cookies shows that the undeleted cookie was retained.

Steps (continued):
7. Go to <http://www.bigfishgames.com/online-games/index.html>.

Behavior (continued):
e. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, a cookie for ".bigfishgames.com" named "cookie_ol_passthru" (which expires five years from now), and "OAX" (which expires 2020/12/31).
f. The page sent from the site lists available games; the request for an eMail address is bypassed.

Diagnostic Sequence II
----------------------
Steps to Perform:
1. Create a new profile with no extensions (except DOM Inspector).
2. Run Firefox using this new profile, AND set Tools | Options | Privacy | Cookies | Keep until: to "I close Firefox".
3. Go to <http://www.bigfishgames.com/online-games/index.html>.

Observed Behavior:
a. The page sent from the site requests an eMail address.

Steps (continued):
4. Enter a valid-looking eMail address and click "Submit".

Behavior (continued):
b. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, cookies for ".bigfishgames.com" named "cookie_ol_passthru" and "OAX", BUT this time both expire "at end of session".
c. The page sent from the site lists available games.

Steps (continued):
5. Delete all cookies except the one for ".bigfishgames.com" named "cookie_ol_passthru".
6. Restart Firefox using the same profile.

Behavior (continued):
d. Tools | Options | Privacy | Cookies | Show Cookies shows that the undeleted cookie was NOT retained.

Steps (continued):
7. Go to <http://www.bigfishgames.com/online-games/index.html>.

Behavior (continued):
e. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies does NOT list cookies for ".bigfishgames.com" named "cookie_ol_passthru" or "OAX".
f. The page sent from the site again requests an eMail address.

Diagnostic Sequence III
-----------------------
Steps to Reproduce BUG:
1. Create a new profile with no extensions (except DOM Inspector).
2. Run Firefox using this new profile, set Tools | Options | Privacy | Cookies | Keep until: to "I close Firefox", AND set the following Exceptions:
-- bigfishgames.com = Allow
-- www.bigfishgames.com = Allow for Session
3. Go to <http://www.bigfishgames.com/online-games/index.html>.

Observed Behavior:
a. The page sent from the site requests an eMail address.

Steps (continued):
4. Enter a valid-looking eMail address and click "Submit".

Behavior (continued):
b. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies lists, among others, cookies for ".bigfishgames.com" named "cookie_ol_passthru" (which expires "at end of session"), and "OAX" (which expires 2020/12/31).
c. The page sent from the site lists available games.

EXPECTED Behavior:
B. Treatment of all cookies for ".bigfishgames.com" should be consistent; all should retain their site-specified expiration dates.

Steps (continued):
5. Delete all cookies except the one for ".bigfishgames.com" named "cookie_ol_passthru".
6. Restart Firefox using the same profile.

Behavior (continued):
d. Tools | Options | Privacy | Cookies | Show Cookies shows that the undeleted cookie was NOT retained.

EXPECTED Behavior:
D. The undeleted cookie should have been retained; it should not have had its date altered to prevent retention, as an exception specifically intended to prevent this was and is present.

Steps (continued):
7. Go to <http://www.bigfishgames.com/online-games/index.html>.

Behavior (continued):
e. After the page is loaded, Tools | Options | Privacy | Cookies | Show Cookies does NOT list cookies for ".bigfishgames.com" named "cookie_ol_passthru" or "OAX".
f. The page sent from the site again requests an eMail address.

EXPECTED Behavior:
F. The page sent from the site should list available games; the request for an eMail address should have been bypassed.

Reproducible: Always

Comment 1

11 years ago
wow, thorough description. ;)

this has already been filed as bug 317229... in particular see https://bugzilla.mozilla.org/show_bug.cgi?id=317229#c9.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 317229
You need to log in before you can comment on or make changes to this bug.