Firefox 3.5 always sets cookies on https Websites as "Encrypted connections only"

RESOLVED INVALID

Status

()

RESOLVED INVALID
10 years ago
10 years ago

People

(Reporter: christophe_waber, Unassigned)

Tracking

3.5 Branch
x86
Windows Vista
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0

When I'm on a https page and the page ssets a normal Cookie "for any type of sessions"

see the corresponding "Live http headers" order from the website :
"Set-Cookie: language=de; Domain=.post.ch; Max-Age=31449600; Path="/"; Version=1; HttpOnly"

Firefox 3.5 sets a secure cookie (Firefox 3.0.7 didn't, it wrote a normal "for any type of session" cookie)

Reproducible: Always

Steps to Reproduce:
1. clear cash + cookies
2. navigate to a https page who sets a "non secure" cookie (I can't give the example because it needs a password)
3. 
Actual Results:  
Look in the cookies : it's "secure" i.e. for "encrypted connections only"

(I've had a look on it with the add-on "Live http headers" where I can see that the page sends the request right)

Expected Results:  
The cookie should be written like with Firefox 3.0.7 : "for any type of session" and not only for "Encrypted".
This "worksforme". 
  1. clear cookies
  2. go to https://addons.mozilla.org/
  3. check cookies -- none of them are "secure" cookies

(if you log in to addons.mozilla.org you'll get a secure-only session coookie, but just that one)

You obviously don't have a "stock" Firefox, you've got at least some "SwissPost/4.0" thing. Could this be one of your addons trying to be helpful?
(Reporter)

Comment 2

10 years ago
You are right, thank you.

The problem effectively comes from swisspost 4.0. But it works well on your example. So I think it is an internally Problem
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → INVALID
Version: unspecified → 3.5 Branch
You need to log in before you can comment on or make changes to this bug.