If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Firefox 3.5 always sets cookies on https Websites as "Encrypted connections only"

RESOLVED INVALID

Status

()

Firefox
Security
RESOLVED INVALID
8 years ago
8 years ago

People

(Reporter: christophe_waber, Unassigned)

Tracking

3.5 Branch
x86
Windows Vista
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 (CK-SwissPost) Firefox/3.5.3 (.NET CLR 3.5.30729) SwissPost/4.0

When I'm on a https page and the page ssets a normal Cookie "for any type of sessions"

see the corresponding "Live http headers" order from the website :
"Set-Cookie: language=de; Domain=.post.ch; Max-Age=31449600; Path="/"; Version=1; HttpOnly"

Firefox 3.5 sets a secure cookie (Firefox 3.0.7 didn't, it wrote a normal "for any type of session" cookie)

Reproducible: Always

Steps to Reproduce:
1. clear cash + cookies
2. navigate to a https page who sets a "non secure" cookie (I can't give the example because it needs a password)
3. 
Actual Results:  
Look in the cookies : it's "secure" i.e. for "encrypted connections only"

(I've had a look on it with the add-on "Live http headers" where I can see that the page sends the request right)

Expected Results:  
The cookie should be written like with Firefox 3.0.7 : "for any type of session" and not only for "Encrypted".
This "worksforme". 
  1. clear cookies
  2. go to https://addons.mozilla.org/
  3. check cookies -- none of them are "secure" cookies

(if you log in to addons.mozilla.org you'll get a secure-only session coookie, but just that one)

You obviously don't have a "stock" Firefox, you've got at least some "SwissPost/4.0" thing. Could this be one of your addons trying to be helpful?
(Reporter)

Comment 2

8 years ago
You are right, thank you.

The problem effectively comes from swisspost 4.0. But it works well on your example. So I think it is an internally Problem
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
Version: unspecified → 3.5 Branch
You need to log in before you can comment on or make changes to this bug.