User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:188.8.131.52) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:184.108.40.206) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0 When I'm on a https page and the page ssets a normal Cookie "for any type of sessions" see the corresponding "Live http headers" order from the website : "Set-Cookie: language=de; Domain=.post.ch; Max-Age=31449600; Path="/"; Version=1; HttpOnly" Firefox 3.5 sets a secure cookie (Firefox 3.0.7 didn't, it wrote a normal "for any type of session" cookie) Reproducible: Always Steps to Reproduce: 1. clear cash + cookies 2. navigate to a https page who sets a "non secure" cookie (I can't give the example because it needs a password) 3. Actual Results: Look in the cookies : it's "secure" i.e. for "encrypted connections only" (I've had a look on it with the add-on "Live http headers" where I can see that the page sends the request right) Expected Results: The cookie should be written like with Firefox 3.0.7 : "for any type of session" and not only for "Encrypted".
This "worksforme". 1. clear cookies 2. go to https://addons.mozilla.org/ 3. check cookies -- none of them are "secure" cookies (if you log in to addons.mozilla.org you'll get a secure-only session coookie, but just that one) You obviously don't have a "stock" Firefox, you've got at least some "SwissPost/4.0" thing. Could this be one of your addons trying to be helpful?
You are right, thank you. The problem effectively comes from swisspost 4.0. But it works well on your example. So I think it is an internally Problem