Closed Bug 46514 Opened 25 years ago Closed 25 years ago

problems remembering forgetting log-in / log-out cookies bugzilla

Categories

(Core :: Networking: Cache, defect, P3)

Product:
Core
Component:
Networking: Cache
Platform:
x86
Other
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: johng, Assigned: neeti)

References

(
URL
)

Details

build 2000072508 (also ture with 0724 build) Start using bugzilla while you are logged out. Try to view bug 45168 or other "Netscape confidential" bug. You get "permission denied" since you need to log in first. Click the log-in button, and log-in. You get verification that you have logged-in. Now try to view this confidential bug 45168. It again says permission denied and indicates that you have not logged in. The opposite is also true. If, while using bugzilla, you manage to get really logged in so you can view bugs like 45168, now try to log out. It says you are logged out. Now try to view confidential bug 45168. You can view it immediately even though you should have gotten a "Permission denied" notice.
nsbeta3 nominee since cookie problems like this could lead to privacy concerns (you think you are logged out but you are not). Might be similar to other cookie bug 46512. This bug also indicates eradict recognition of cookies.
Keywords: nsbeta3
This is not a cookie problem, it's a cache problem. The cookies are indeed being set and deleted at the appropriate times. But I did observe the errant behavior indicated. Then I went and deleted my memory and disk cache from the prefs panel. After that it worked correctly. What is probably happening is that when you are logged out and fetch the 45168 bug, you get the permission-denied screen which gets cached. Then you login and again fetch the 45168 bug. But instead of getting it from the server, the caching system intervenes and decides to send you the same page that you got last time for this URL, namely the permission-denied screen. The caching system doesn't realize that your cookies have changed and therefore the server would have sent you a different response for that URL this time. Reassigning this to caching. You probably need to cache not just the URL, but also any cookies that were sent to that URL at the time that the fetch was made. This problem doesn't occur in 4.x. What are they doing in their caching that is different?
Assignee: morse → neeti
Component: Cookies → Networking: Cache
How about this for a suggestion - when you retrieve a page from cache, check if the cached page requests a cookie. If it does, and the creation date of the cookie is later than the cache date of the page, reload the page from the net.
Cookies don't have creation dates, only expiration dates.
Then maybe you should add a creation_timestamp field to cookies ?
That wouldn't be possible to do in a manner that would maintain backwards compatibility with existing cookie files.
Oh well, I just posted bug 46589 anyway :-)
Status: NEW → ASSIGNED
Target Milestone: --- → M18
*** Bug 47313 has been marked as a duplicate of this bug. ***
This bug has been fixed by the fix to bug 40449. Neeti
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.