Closed
Bug 416356
Opened 17 years ago
Closed 16 years ago
Does not accept domain cookies issued by subdomains sites like bugzilla.mozilla.org cannot issue a mozilla.org cookie
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: riccirj, Unassigned)
References
()
Details
(Keywords: privacy)
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
I have a website with URL athena.rdc.puc-rio.br. This website has a login page that redirects the authenticated user to several websites under the .puc-rio.br domain, like puconline.puc-rio.br. So the authentication ticket is issued as .puc-rio.br to be accessible by all subdomain websites, but the firefox 3 does not accept "domain cookies". When I enter using the Second Version of firefox everything works perfectly. Several Websites authenticates theirs users in that way.
Reproducible: Always
Steps to Reproduce:
1.I can send you all the steps needed to reproduce but These steps are confidencial, should not be visible in bug tracker because its a internal application that needs user and password
2.
3.
Comment 1•17 years ago
|
||
i'm not sure i understand the problem completely:
1) are you having problems with firefox 3, but firefox 2.0 works? (if so, which alpha or beta version of firefox 3?)
2) do you think this is a problem with firefox handling login cookies, or some other authentication mechanism?
if this is a cookie problem, the first step is to generate a cookie log demonstrating the problem. can you please follow the steps at http://developer.mozilla.org/en/docs/Creating_a_Cookie_Log, and attach the log here?
Version: unspecified → Trunk
Comment 2•16 years ago
|
||
If I understood well, he said a subdomain, bugzilla.mozilla.org, can't create a cookie that is valid for mozilla.org and all its subdomains.
If so, this not seems to me a bug but a security feature. And I'm a bit surprised to read Firefox 2 doesn't have it...
Comment 3•16 years ago
|
||
(In reply to comment #2)
> If so, this not seems to me a bug but a security feature. And I'm a bit
> surprised to read Firefox 2 doesn't have it...
creating a domain cookie accessible to higher-level domains is valid behavior. we need a cookie log, as noted in comment 1, to proceed further here.
Comment 4•16 years ago
|
||
(In reply to comment #3)
> creating a domain cookie accessible to higher-level domains is valid behavior.
Of course, but he's not writing about the contrary, that is cookie accessible lo lower level domains? From the report:
> I have a website with URL athena.rdc.puc-rio.br. This website has a login page
> that redirects the authenticated user to several websites under the
> .puc-rio.br domain
For what I've understood, the login page is at athena.rdc.puc-rio.br, and not at .puc-rio.br
Anyway you are completely right, we need his cookie log ^___^
Comment 5•16 years ago
|
||
At this point doesn't look like we'll get any more information, resolving incomplete.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Reporter | ||
Updated•16 years ago
|
Resolution: INCOMPLETE → FIXED
Comment 6•16 years ago
|
||
Reporter, if now the problem seems to be resolved but you don't know why, the bug must be resolved as WFM. I change the resolution :-)
Resolution: FIXED → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•