Cookies not sent from "Save Link As..."

VERIFIED DUPLICATE of bug 437174

Status

()

--
major
VERIFIED DUPLICATE of bug 437174
11 years ago
11 years ago

People

(Reporter: sutton, Unassigned)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0

When downloading a file via the "Save Link As..." context menu, the Cookie header is not submitted.  Selecting "Open Link in New Window" from the same menu for the same link does result in the cookie being submitted.

Naturally, this prevents the saving of any file, which is dependent on a cookie.

Bug 426902 is probably caused by this problem, as perhaps some others which report odd "Save Link As..." behaviour.

Reproducible: Always

Steps to Reproduce:
1.Find a link to a file on a site which uses cookies, and open HTTP request/header capture window (e.g. proxomitron).
2.Select "Save Link As..." from context menu.
3.Watch the request go without the Cookie header.
4.Try "Open Link in New Window" for the same link.
5.Watch as this time, the Cookie header is sent.

NB: this is not sequence dependent, 2/3 and 4/5 can be performed in any order, any number of times with the same results.
Actual Results:  
No cookie sent in step 3, cookie sent in step 5

Expected Results:  
Cookie should be sent in step 3

Comparison with Firefox 2 on the same site did result in correct sending of the cookie (I didn't actually examine the headers but the cookie dependent download was successful with 2)
(Reporter)

Updated

11 years ago
Version: unspecified → 3.0 Branch
(Reporter)

Updated

11 years ago
Version: 3.0 Branch → Trunk
Can you provide us an example link?

Comment 2

11 years ago
WFM.  I see the cookies sent in the HTTP request with Save Link As.  Do you see this problem when you run Firefox in Safe Mode?
(Reporter)

Comment 3

11 years ago
Example URL: http://www.mozilla-europe.org/en/firefox/
Using the "Free Download" link

-----------------------------First up is the "Save Link As...."

*** Log Reset ***

+++GET 1652+++
GET /?product=firefox-3.0&os=win&lang=en-GB HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mozilla-europe.org/en/firefox/
Pragma: no-cache
Cache-Control: no-cache
Connection: keep-alive
Browser reload detected...

+++RESP 1652+++
HTTP/1.1 302 Found
Date: Mon, 07 Jul 2008 11:32:19 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: dmo=10.2.81.4.1215430339680852; path=/; expires=Tue, 07-Jul-09 11:32:19 GMT
X-Powered-By: PHP/5.1.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, private
Pragma: no-cache
Location: http://mozilla.mirror.pop-sc.rnp.br/mirror/mozilla.org//firefox/releases/3.0/win32/en-GB/Firefox%20Setup%203.0.exe
Content-Length: 0
Content-Type: text/html; charset=UTF-8
+++CLOSE 1652+++

+++GET 1653+++
GET /mirror/mozilla.org//firefox/releases/3.0/win32/en-GB/Firefox%20Setup%203.0.exe HTTP/1.1
Host: mozilla.mirror.pop-sc.rnp.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mozilla-europe.org/en/firefox/
Pragma: no-cache
Cache-Control: no-cache
Connection: keep-alive
Browser reload detected...

+++RESP 1653+++
HTTP/1.1 200 OK
Date: Mon, 07 Jul 2008 11:30:05 GMT
Server: Apache/2.2.3 (Debian)
Last-Modified: Wed, 11 Jun 2008 09:18:22 GMT
ETag: "6c83f6-6fdc30-86b05380"
Accept-Ranges: bytes
Content-Length: 7330864
Content-Type: application/x-msdos-program


-----------------------------And now the simple click

*** Log Reset ***

+++GET 1654+++
GET /img/__utm.gif?utmwv=6.1&utmn=2114029405&utmsr=1280x1024&utmsc=32-bit&utmul=en-gb&utmje=1&utmjv=1.5&utmfl=9.0%20%20r124&utmdt=Firefox%20web%20browser%20%7C%20Faster%2C%20more%20secure%2C%20%26%20customizable%20%7C%20Mozilla%20Europe&utmhn=www.mozilla-europe.org&utmp=/download-tracking/en-GB/firefox-3.0/win/using%3Agecko-other HTTP/1.1
Host: www.mozilla-europe.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mozilla-europe.org/en/firefox/
Cookie: __utmz=210549513.1213877639.2.2.utmccn=(organic)|utmcsr=google|utmctr=firefox|utmcmd=organic; __utma=210549513.986463487.1213870538.1213877639.1215430023.3; __utmb=210549513; __utmc=210549513
Connection: keep-alive

+++GET 1655+++
GET /?product=firefox-3.0&os=win&lang=en-GB HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mozilla-europe.org/en/firefox/
Cookie: __utma=150903082.1648270781.1189682091.1202819841.1214998321.8; dmo=10.2.81.4.1213870681109005; __utmz=150903082.1214998321.8.1.utmccn=(referral)|utmcsr=developer.mozilla.org|utmcct=/en/docs/Bug_writing_guidelines|utmcmd=referral
Connection: keep-alive
+++CLOSE 1654+++

+++RESP 1655+++
HTTP/1.1 302 Found
Date: Mon, 07 Jul 2008 11:34:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, private
Pragma: no-cache
Location: http://mozilla-east.superbhosting.net/firefox/releases/3.0/win32/en-GB/Firefox%20Setup%203.0.exe
Content-Length: 0
Content-Type: text/html; charset=UTF-8
+++CLOSE 1655+++

+++GET 1656+++
GET /firefox/releases/3.0/win32/en-GB/Firefox%20Setup%203.0.exe HTTP/1.1
Host: mozilla-east.superbhosting.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.mozilla-europe.org/en/firefox/
Range: bytes=0-
If-Range: Wed, 11 Jun 2008 09:18:22 GMT
Connection: keep-alive

+++RESP 1656+++
HTTP/1.1 206 Partial Content
Server: nginx/0.6.31
Date: Mon, 07 Jul 2008 11:33:58 GMT
Content-Type: application/octet-stream
Content-Length: 7330864
Last-Modified: Wed, 11 Jun 2008 09:18:22 GMT
Connection: keep-alive
Content-Range: bytes 0-7330863/7330864

----------------------------------

Notice how the simple click sends cookies, but the Save link as did not.
(note that my original testing was done on a separate site, I am developing internally, however the getfirefox page also demonstrates the same problem).

Original testing was done in normal mode, but the above testing was done in safe mode.  The above to tests both 'successfully' downloaded the file, as this site clearly doesn't require the cookie, but the site I am developing (and others, I'm sure) won't serve the file if the cookie is missing.

Comment 4

11 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

I am seeing this bug as well. I have an invoicing system written in PHP with cookie-based verification. Attempting to download the invoices with "Save link as" is throwing validation errors now (as if the cookies didn't exist). This does not happen in FF 1.5, FF 2.0 or any other browser I have tried it in (they allow me to download the link properly).

I created a very simple PHP sample that clearly demonstrates this problem:
http://www.neuetech.com/sample-nocookies.php

Clicking on the "Save this file!" link will say "Cookie found!". If you instead right click and choose "Save Link As...", save it to say "temp.txt", then view that file, it will say "No cookie was found!" from FF3.

Comment 5

11 years ago
Created attachment 329547 [details]
Simple PHP script that shows the problem

This is a very simple test script that shows the problem.
It works for me.
Can you install the latest trunk ( http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ ) and test this bug in safe mode, or better with a blank profile? Disable also all plugins temporary.

If it works in this way, but not with your normal profile, probably it's a problem caused by an extension. So try to disable them one-by-one.

When you find the problematic extension(s), inform us and its author, and change the resolution of this bug to invalid.

Comment 7

11 years ago
(In reply to comment #6)
> It works for me.
> Can you install the latest trunk (
> http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ ) and
> test this bug in safe mode, or better with a blank profile? Disable also all
> plugins temporary.

I tried several things to get this to function in FF3. First, I disabled every plugin in FF3. Then, I downloaded the latest trunk file as you suggested. Then I tried disabling all plugins in that. Then I tried running it in safe mode. Not a single method allowed me to download the file properly.

I installed the same trunk file on a different computer (running Windows XP SP3 instead of Windows XP x64 SP2) and it worked just fine.
(In reply to comment #7)
> I installed the same trunk file on a different computer (running Windows XP SP3
> instead of Windows XP x64 SP2) and it worked just fine.
> 

Can you test it in Windows Safe Mode?

Comment 9

11 years ago
(In reply to comment #8)
> Can you test it in Windows Safe Mode?

My system has never been able to boot into Safe Mode, but that is beside the point. I tried again for humor's sake, but still no go. I do not know what getting into Safe Mode will accomplish in any case.

I do not have a spare Windows XP x64 system to test this on, but I tested on many other OSes (Windows XP SP2 and SP3, Windows 2003, Ubuntu 8.04 x86 and x64) and none of them have the problem. That's all fine and dandy, but this is my personal system and it is not functioning on it. FF1.5, FF2, Safari, Opera, IE6, IE7, etc. all work just fine on my system, but I don't want to have to revert back to FF2 for my primary browser. The fact that all prior versions work on this PC and it does NOT work on FF3 means that there is a problem with FF3. The fact that the person who posted this bug, Steve Sutton, also has this problem points to a potential issue in FF3, though he seems to be using Windows XP 32bit (Win NT 5.1)...
(In reply to comment #9)
> I do not know what getting into Safe Mode will accomplish in any case.
> 

This excludes problems with other running programs, for example a cookie blocker.

Steve Sutton, can you do the test I suggested in Comment #6?
Keywords: qawanted
Ah, I forgot to say: test the bug with the testcase provided by Memso:
https://bugzilla.mozilla.org/attachment.cgi?id=329547

Comment 12

11 years ago
I have discovered how to cause this bug. Go to "Tools > Options" ("Edit > Preferences" in Linux). Click on the "Privacy" section. Uncheck "Accept third-party cookies". Click OK.

If I check that box, my browser will start sending the cookies when attempting to save the file.

With me being a bit of a security nut turned this off the moment I installed FF3, just like I had in FF2.

Go to the sample link. It stops sending the cookie when saving the file. It shouldn't be counting the link as a third party site, but it is.

Tested on: Windows XP SP3, Windows XP Pro x64 SP2 and Ubuntu v8.04 x86
I'm duping this to a newer bug because it has more information on what the problem is.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 437174
Status: RESOLVED → VERIFIED
Keywords: qawanted
(Reporter)

Comment 14

11 years ago
Just to confirm, I turned 3rd party cookies on, and my site did then work correctly.
(Assignee)

Updated

11 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.