Closed Bug 46514 Opened 24 years ago Closed 24 years ago

problems remembering forgetting log-in / log-out cookies bugzilla

Categories

(Core :: Networking: Cache, defect, P3)

Product:
Core
Component:
Networking: Cache
Platform:
x86
Other
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: johng, Assigned: neeti)

References

(
URL
)

Details

build 2000072508 (also ture with 0724 build)

Start using bugzilla while you are logged out.  Try to view bug 45168 or other
"Netscape confidential" bug.  You get "permission denied" since you need to log
in first.  Click the log-in button, and log-in.  You get verification that you
have logged-in.  Now try to view this confidential bug 45168.  It again says
permission denied and indicates that you have not logged in.

The opposite is also true.  If, while using bugzilla, you manage to get really
logged in so you can view bugs like 45168, now try to log out.  It says you are
logged out.  Now try to view confidential bug 45168.  You can view it
immediately even though you should have gotten a "Permission denied" notice.
nsbeta3 nominee since cookie problems like this could lead to privacy concerns
(you think you are logged out but you are not).

Might be similar to other cookie bug 46512.  This bug also indicates eradict
recognition of cookies.
Keywords: nsbeta3
This is not a cookie problem, it's a cache problem.  The cookies are indeed 
being set and deleted at the appropriate times.  But I did observe the errant 
behavior indicated.  Then I went and deleted my memory and disk cache from the 
prefs panel.  After that it worked correctly.

What is probably happening is that when you are logged out and fetch the 45168 
bug, you get the permission-denied screen which gets cached.  Then you login and 
again fetch the 45168 bug.  But instead of getting it from the server, the 
caching system intervenes and decides to send you the same page that you got 
last time for this URL, namely the permission-denied screen.  The caching system 
doesn't realize that your cookies have changed and therefore the server would 
have sent you a different response for that URL this time.

Reassigning this to caching.  You probably need to cache not just the URL, but 
also any cookies that were sent to that URL at the time that the fetch was made.

This problem doesn't occur in 4.x.  What are they doing in their caching that is 
different?
Assignee: morse → neeti
Component: Cookies → Networking: Cache
How about this for a suggestion - when you retrieve a page from cache, check if
the cached page requests a cookie. If it does, and the creation date of the
cookie is later than the cache date of the page, reload the page from the net.

Cookies don't have creation dates, only expiration dates.
Then maybe you should add a creation_timestamp field to cookies ?
That wouldn't be possible to do in a manner that would maintain backwards 
compatibility with existing cookie files.
Oh well, I just posted bug 46589 anyway :-)
Status: NEW → ASSIGNED
Target Milestone: --- → M18
*** Bug 47313 has been marked as a duplicate of this bug. ***
This bug has been fixed by the fix to bug 40449.

Neeti
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.