Closed
Bug 471971
Opened 16 years ago
Closed 8 years ago
too big BUGLIST cookie causes logout
Categories
(Core :: Networking: Cookies, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: literakl, Unassigned)
References
()
Details
Attachments
(5 files)
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); cs; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5 Build Identifier: 3.0.4 I use Firefox 3 and this oversized cookie BUGLIST causes that I am immediatelly logged out from bugzilla if it exists. If I remove this cookie, then I can log in and work. But when I redisplay long list of bugs, bugzilla loses my credentials from next page. Reproducible: Always Steps to Reproduce: 1. login 2. display list of 390+ bugs 3. click anywhere Actual Results: you are anonymous Expected Results: I am still logged in If you login, you become logged out again on subsequent click. It is neccessary to remove this cookie
Comment 1•16 years ago
|
||
Do you have some security software on your network or machine that might cause this?
Comment 2•16 years ago
|
||
Does this also happen with short lists of bugs?
Severity: major → normal
OS: Linux → All
Hardware: x86 → All
Version: unspecified → 3.0.4
Reporter | ||
Comment 3•16 years ago
|
||
I reproduced it with 220 bugs too, I will try to find smallest case later. I don't have any such software, it occured to me on windows laptop too.
Reporter | ||
Comment 4•16 years ago
|
||
the bugzilla is public, you can register and test yourself
Reporter | ||
Comment 5•16 years ago
|
||
it looks that I can use bugzilla correctly with konqueror, it may be FF 3.0.5 issue
Reporter | ||
Comment 6•16 years ago
|
||
I move this bug from bugzilla to firefox, IE works fine too
Component: Query/Bug List → General
Product: Bugzilla → Firefox
Version: 3.0.4 → 3.0 Branch
Updated•16 years ago
|
Assignee: query-and-buglist → nobody
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: default-qa → networking.cookies
Version: 3.0 Branch → 1.9.0 Branch
Reporter | ||
Comment 7•15 years ago
|
||
bugzilla 3.0.6 still suffers of this bug (both linux, windows)
Comment 8•15 years ago
|
||
Leos, can you generate a cookie log demonstrating the logout? you can follow the steps at https://developer.mozilla.org/en/Creating_a_Cookie_Log, and attach the logfile here. (also, please relogin to bugzilla, so we see that part in the log too.) not sure how bugzilla uses cookies otoh, but i'm guessing we're hitting the 4096-byte cookie limit or a path length limit or somesuch...
Reporter | ||
Comment 9•15 years ago
|
||
Initially some other site was opened (default page). Ten I opened bugzilla and I was logged. Then I opened the bug list and I still was logged in. Then I opened the first bug and I was not logged in. So I closed firefox and removed initial part from log that was relevant to initially opened site. I can imagine that the cookie size is too big, but firefox was working fine though until I upgraded recently (firefox 3.0.x). It used to work well. Konqueror and Internet explorer works fine.
Comment 10•15 years ago
|
||
nothing looks out of the ordinary in the cookie log, so this isn't the cookieservice's fault. my best guess is either a) necko truncating the Cookie: header before sending it, b) the packet getting truncated in transit, c) the bugzilla webserver truncating it. do you have access to the bugzilla server? if so you could try getting it to dump the cookies it receives (though i don't know anything about bugzilla code, or the http library it uses, to help with that). alternatively you could see if your firefox is doing it, which is likely given that you said this broke with fx3. can you use wireshark or similar to sniff network packets on your machine, and post the ones corresponding to the transactions in the cookie log?
Reporter | ||
Comment 11•15 years ago
|
||
We upgraded bugzilla and firefox (3.5.x) but this issue persists. I can work in other browsers, only firefox is broken. I created new user 'mozilla' with password 'firefox' for you.
Reporter | ||
Comment 12•15 years ago
|
||
oops, mozilla is real name, login is literaklREPLACEcentrum.cz
Reporter | ||
Comment 13•15 years ago
|
||
This part is interesting: (I will attach it completely) GET /show_bug.cgi?id=7 HTTP/1.1 Host: bugzilla.abclinuxu.cz User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009061621 Mandriva/1.9.0.11-0.1mdv2009.0 (2009.0) Firefox/3.0.11 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://bugzilla.abclinuxu.cz/buglist.cgi?cmdtype=runnamed&namedcmd=bugs Cookie: __utma=184452854.914029343.1231912841.1251865344.1251868132.246; __utmz=184452854.1237009868.138.3.utmccn=(organic)|utmcsr=google|utmctr=facebook+abclinuxu|utmcmd=organic; __utmc=184452854; __utmb=184452854; Bugzilla_login=413; Bugzilla_logincookie=qklhfZc7XI; LASTORDER=bug_status%2Cpriority%2Cassigned_to%2Cbug_id; BUGLIST=669%3A7%3A175%3A255%3A423%3A586%3A667%3A676%3A807%3A1041%3A1100%3A1128%3A1155%3A1212%3A1225%3A1228%3A1232%3A1233%3A1253%3A1327%3A209%3A639%3A1264%3A922%3A975%3A1140%3A598%3A704%3A705%3A5%3A10%3A13%3A20%3A23%3A27%3A29%3A36%3A62%3A73%3A75%3A85%3A87%3A93%3A94%3A173%3A247%3A254%3A275%3A319%3A334%3A335%3A362%3A365%3A377%3A388%3A397%3A405%3A413%3A422%3A425%3A426%3A431%3A435%3A439%3A445%3A454%3A476%3A483%3A487%3A492%3A494%3A508%3A509%3A511%3A513%3A524%3A527%3A528%3A534%3A537%3A548%3A559%3A561%3A563%3A571%3A572%3A578%3A579%3A582%3A592%3A597%3A599%3A602%3A605%3A615%3A616%3A620%3A622%3A623%3A624%3A626%3A637%3A641%3A643%3A648%3A653%3A655%3A661%3A663%3A665%3A680%3A691%3A692%3A693%3A697%3A702%3A706%3A711%3A715%3A723%3A728%3A733%3A735%3A740%3A745%3A750%3A757%3A763%3A770%3A773%3A774%3A777%3A778%3A779%3A780%3A784%3A788%3A793%3A795%3A796%3A816%3A818%3A820%3A824%3A825%3A827%3A830%3A831%3A836%3A837%3A838%3A839%3A841%3A843%3A846%3A847%3A850%3A852%3A853%3A854%3A855%3A860%3A863%3A871%3A873%3A878%3A881%3A882%3A885%3A886%3A887%3A891%3A892%3A900%3A901%3A902%3A906%3A907%3A908%3A909%3A911%3A914%3A918%3A924%3A925%3A931%3A932%3A934%3A935%3A936%3A938%3A940%3A944%3A948%3A952%3A955%3A957%3A958%3A961%3A964%3A965%3A966%3A967%3A968%3A973%3A977%3A983%3A985%3A989%3A990%3A991%3A1006%3A1007%3A1009%3A1013%3A1016%3A1020%3A1022%3A1023%3A1024%3A1026%3A1029%3A1030%3A1031%3A1034%3A1035%3A1036%3A1039%3A1040%3A1104%3A1131%3A1144%3A1182%3A1183%3A1188%3A1200%3A1211%3A1219%3A1223%3A1227%3A1249%3A1276%3A1312%3A1323%3A159%3A634%3A652%3A842%3A874%3A896%3A897%3A912%3A913%3A937%3A963%3A978%3A1032%3A1085%3A1179%3A1180%3A432%3A471%3A532%3A630%3A671%3A672%3A678%3A716%3A832%3A953%3A4%3A30%3A33%3A38%3A46%3A76%3A81%3A82%3A547%3A699%3A806%3A916%3A933%3A969%3A998%3A1143%3A1190%3A1199%3A1210%3A1254%3A200%3A226%3A743%3A1141%3A1301%3A1316%3A1238%3A380%3A384%3A549%3A822%3A1053%3A1054%3A1059%3A1061%3A1064%3A1069%3A1076%3A1077%3A1087%3A1098%3A1102%3A1105%3A1114%3A1118%3A1135%3A1137%3A1142%3A1146%3A1149%3A1150%3A1162%3A1166%3A1169%3A1170%3A1171%3A1178%3A1181%3A1186%3A1189%3A1192%3A1193%3A1195%3A1196%3A1197%3A1198%3A1201%3A1202%3A1207%3A1213%3A1215%3A1216%3A1220%3A1226%3A1229%3A1234%3A1235%3A1237%3A1240%3A1241%3A1243%3A1246%3A1252%3A1259%3A1262%3A1263%3A1267%3A1269%3A1270%3A1271%3A1272%3A1273%3A1274%3A1275%3A1277%3A1280%3A1281%3A1282%3A1283%3A1284%3A1285%3A1287%3A1288%3A1290%3A1292%3A1294%3A1295%3A1297%3A1298%3A1299%3A1300%3A1302%3A1303%3A1304%3A1307%3A1309%3A1310%3A1311%3A1313%3A1317%3A1319%3A1320%3A1328%3A1329%3A1043%3A1111%3A1116%3A1121%3A1147%3A1148%3A1151%3A1152%3A1153%3A1154%3A1159%3A1167%3A1194%3A1214%3A1248%3A1268%3A1279%3A1289%3A1293%3A1322%3A1168%3A1184%3A1242%3A1250%3A1251%3A1314%3A1330%3A9%3A78%3A227%3A268%3A272%3A376%3A392%3A415%3A447%3A459%3A736%3A875%3A992%3A877%3A1067%3A1091%3A1092%3A1094%3A866%3A6%3A43%3A53%3A54%3A96%3A329%3A337%3A400%3A488%3A502%3A503%3A507%3A606%3A646%3A696%3A722%3A799%3A1134%3A470%3A538%3A767%3A954%3A1113%3A118%3A650%3A988%3A71%3A39%3A1260%3A1088%3A1160%3A1097%3A1278%3A1308%3A695%3A1099%3A356%3A856%3A921%3A1157%3A1161 HTTP/1.1 200 OK Date: Wed, 02 Sep 2009 05:40:11 GMT Server: Apache Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 65d3 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> Firefox sends all cookies, but bugzilla returns no cookie back and considers user as anonymous. So bugzilla fails to decode the cookies and the question is, whether they are in bad format (firefox bug) or not (bugzilla bug).
Reporter | ||
Comment 14•15 years ago
|
||
1) I was logged in, displayed votes 2) I opened filter 'bugs', still logged in 3) I opened one bug, not logged in
Reporter | ||
Comment 15•15 years ago
|
||
Reporter | ||
Comment 16•15 years ago
|
||
Reporter | ||
Comment 17•15 years ago
|
||
Updated•8 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•