Closed Bug 391712 Opened 18 years ago Closed 18 years ago

attempt to hit secure page after login bumps you back to login as if you weren't logged in at all.

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Version:
2.0 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: dbenedett, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6/2.0.0.6 Issue: When you log into my company website and get into your account. if you select the link "update your credit card information" which is a secured page, you will get logged off. It must be not be recognizing the (cftoken/cfid) cookies? Background info: I am a jr web developer and am using version Mozilla version 2.0.0.6, my company's website is written using ColdFusion MX7. A co-worker of mine uses an older version of Mozilla and there is no issue (1.0.0.6) and there is no issue with Internet Explorer. Reproducible: Always Steps to Reproduce: 1. Log in to a site that is unsecured but offers a secure page 2. Click on link to go to secure page 3. You will be bounced to the login screen as if you weren't logged in at all. Expected Results: bounced back to login screen shoudl have taken you to our (internal) secure page - https. if the user logs in a second time they will be able to load the page, but it will no longer be secure. This gives the site vulnerability.
Summary: attempt to hit secure page after login bumps you back to login as if you wernet logged in at all. → attempt to hit secure page after login bumps you back to login as if you weren't logged in at all.
Version: unspecified → 2.0 Branch
Can you give more specific steps to reproduce with a URL we can test? I doubt this is a security hole in Firefox, or even a bug in Firefox that affects a large number of sites that support both http and https, so I'm making the bug report public.
Group: security
It seems likely that this is a problem with the webapp you're using. Does it work in other browsers?
Oh, sorry, I missed your comment about it working in IE and previous versions of Mozilla.
My apologies, as it turns out this is not a browser issue.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.