Closed
Bug 516370
Opened 15 years ago
Closed 15 years ago
Firefox 3.5 always sets cookies on https Websites as "Encrypted connections only"
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: christophe_waber, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0
When I'm on a https page and the page ssets a normal Cookie "for any type of sessions"
see the corresponding "Live http headers" order from the website :
"Set-Cookie: language=de; Domain=.post.ch; Max-Age=31449600; Path="/"; Version=1; HttpOnly"
Firefox 3.5 sets a secure cookie (Firefox 3.0.7 didn't, it wrote a normal "for any type of session" cookie)
Reproducible: Always
Steps to Reproduce:
1. clear cash + cookies
2. navigate to a https page who sets a "non secure" cookie (I can't give the example because it needs a password)
3.
Actual Results:
Look in the cookies : it's "secure" i.e. for "encrypted connections only"
(I've had a look on it with the add-on "Live http headers" where I can see that the page sends the request right)
Expected Results:
The cookie should be written like with Firefox 3.0.7 : "for any type of session" and not only for "Encrypted".
Comment 1•15 years ago
|
||
This "worksforme".
1. clear cookies
2. go to https://addons.mozilla.org/
3. check cookies -- none of them are "secure" cookies
(if you log in to addons.mozilla.org you'll get a secure-only session coookie, but just that one)
You obviously don't have a "stock" Firefox, you've got at least some "SwissPost/4.0" thing. Could this be one of your addons trying to be helpful?
Reporter | ||
Comment 2•15 years ago
|
||
You are right, thank you.
The problem effectively comes from swisspost 4.0. But it works well on your example. So I think it is an internally Problem
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Version: unspecified → 3.5 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•