Last Comment Bug 667818 - Can't login to Bankwest net banking with Firefox in Ubuntu
: Can't login to Bankwest net banking with Firefox in Ubuntu
Status: VERIFIED FIXED
[qa-]
:
Product: Core
Classification: Components
Component: Networking: Cookies (show other bugs)
: 5 Branch
: x86_64 Linux
: -- normal with 1 vote (vote)
: mozilla8
Assigned To: Boris Zbarsky [:bz] (still a bit busy)
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-06-27 19:39 PDT by Angus McLauchlan
Modified: 2011-09-26 05:24 PDT (History)
10 users (show)
bzbarsky: in‑testsuite+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
fixed
fixed


Attachments
cookie log (185.20 KB, text/plain)
2011-06-28 21:42 PDT, Angus McLauchlan
no flags Details
Ubuntu cookie log (problem environment) (10.33 KB, text/plain)
2011-07-15 01:53 PDT, Brent McArthur
no flags Details
Windows Cookie log (working environment) (6.73 KB, text/plain)
2011-07-15 01:54 PDT, Brent McArthur
no flags Details
Fix (4.61 KB, patch)
2011-07-21 19:50 PDT, Boris Zbarsky [:bz] (still a bit busy)
dwitte: review+
christian: approval‑mozilla‑aurora+
christian: approval‑mozilla‑beta+
Details | Diff | Splinter Review

Description Angus McLauchlan 2011-06-27 19:39:22 PDT
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0
Build ID: 20110622232440

Steps to reproduce:

Attempt to log into Bankwest net banking (after a successful login & logout) by visit http://www.bankwest.com.au and click 'Online Banking - Personal' or directly go to 'https://ibs.bankwest.com.au/BWLogin/rib.aspx', and type in username (Personal Access Number) and password (Secure Code) and click login.

Troubleshooting information:


  Application Basics

        Name
        Firefox

        Version
        5.0

        User Agent
        Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0

        Profile Directory

          Open Containing Folder

        Enabled Plugins

          about:plugins

        Build Configuration

          about:buildconfig

  Extensions

        Name

        Version

        Enabled

        ID

        Global Menu Bar integration
        1.0.6
        true
        globalmenu@ubuntu.com

        Ubuntu Firefox Modifications
        0.9.1
        true
        ubufox@ubuntu.com

        Adblock Plus
        1.3.8
        false
        {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

        DownThemAll!
        2.0.7
        false
        {DDC359D1-844A-42a7-9AA1-88A850A938A8}

        Firebug
        1.7.3
        false
        firebug@software.joehewitt.com

        Firecookie
        1.2.1
        false
        firecookie@janodvarko.cz

        Flash Video Downloader - Youtube Downloader
        2.0.24
        false
        artur.dubovoy@gmail.com

        Net Usage Item
        1.2.310
        false
        {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}

        nzbdStatus
        1.0.15.1
        false
        sabnzbdstatus@dq5studios.com

        Sothink Web Video Downloader for Firefox
        6.1
        false
        {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}

  Modified Preferences

      Name

      Value

        accessibility.typeaheadfind.flashBar
        0

        browser.places.importBookmarksHTML
        false

        browser.places.smartBookmarksVersion
        2

        browser.startup.homepage_override.buildID
        20110622232440

        browser.startup.homepage_override.mstone
        rv:5.0

        extensions.lastAppVersion
        5.0

        font.minimum-size.x-western
        12

        font.size.fixed.x-western
        14

        font.size.variable.x-western
        14

        network.cookie.prefsMigrated
        true

        places.database.lastMaintenance
        1309143741

        places.history.expiration.transient_current_max_pages
        118375

        places.last_vacuum
        1306229690

        print.print_printer
        Print to File

        print.printer_PostScript/default.print_bgcolor
        false

        print.printer_PostScript/default.print_bgimages
        false

        print.printer_PostScript/default.print_colorspace
        default

        print.printer_PostScript/default.print_command
        lpr ${MOZ_PRINTER_NAME:+-P"$MOZ_PRINTER_NAME"}

        print.printer_PostScript/default.print_downloadfonts
        false

        print.printer_PostScript/default.print_edge_bottom
        0

        print.printer_PostScript/default.print_edge_left
        0

        print.printer_PostScript/default.print_edge_right
        0

        print.printer_PostScript/default.print_edge_top
        0

        print.printer_PostScript/default.print_evenpages
        true

        print.printer_PostScript/default.print_footercenter

        print.printer_PostScript/default.print_footerleft
        &PT

        print.printer_PostScript/default.print_footerright
        &D

        print.printer_PostScript/default.print_headercenter

        print.printer_PostScript/default.print_headerleft
        &T

        print.printer_PostScript/default.print_headerright
        &U

        print.printer_PostScript/default.print_in_color
        true

        print.printer_PostScript/default.print_margin_bottom
        0.5

        print.printer_PostScript/default.print_margin_left
        0.5

        print.printer_PostScript/default.print_margin_right
        0.5

        print.printer_PostScript/default.print_margin_top
        0.5

        print.printer_PostScript/default.print_oddpages
        true

        print.printer_PostScript/default.print_orientation
        0

        print.printer_PostScript/default.print_page_delay
        50

        print.printer_PostScript/default.print_paper_data
        0

        print.printer_PostScript/default.print_paper_height
        279.40

        print.printer_PostScript/default.print_paper_name
        na_letter

        print.printer_PostScript/default.print_paper_size_type
        1

        print.printer_PostScript/default.print_paper_size_unit
        1

        print.printer_PostScript/default.print_paper_width
        215.90

        print.printer_PostScript/default.print_plex_name
        default

        print.printer_PostScript/default.print_resolution_name
        default

        print.printer_PostScript/default.print_reversed
        false

        print.printer_PostScript/default.print_scaling
        1.00

        print.printer_PostScript/default.print_shrink_to_fit
        true

        print.printer_PostScript/default.print_to_file
        false

        print.printer_PostScript/default.print_unwriteable_margin_bottom
        56

        print.printer_PostScript/default.print_unwriteable_margin_left
        25

        print.printer_PostScript/default.print_unwriteable_margin_right
        25

        print.printer_PostScript/default.print_unwriteable_margin_top
        25

        print.printer_Print_to_File.print_bgcolor
        false

        print.printer_Print_to_File.print_bgimages
        false

        print.printer_Print_to_File.print_colorspace
        default

        print.printer_Print_to_File.print_command
        lpr ${MOZ_PRINTER_NAME:+-P"$MOZ_PRINTER_NAME"}

        print.printer_Print_to_File.print_downloadfonts
        false

        print.printer_Print_to_File.print_edge_bottom
        0

        print.printer_Print_to_File.print_edge_left
        0

        print.printer_Print_to_File.print_edge_right
        0

        print.printer_Print_to_File.print_edge_top
        0

        print.printer_Print_to_File.print_evenpages
        true

        print.printer_Print_to_File.print_footercenter

        print.printer_Print_to_File.print_footerleft
        &PT

        print.printer_Print_to_File.print_footerright
        &D

        print.printer_Print_to_File.print_headercenter

        print.printer_Print_to_File.print_headerleft
        &T

        print.printer_Print_to_File.print_headerright
        &U

        print.printer_Print_to_File.print_in_color
        true

        print.printer_Print_to_File.print_margin_bottom
        0.5

        print.printer_Print_to_File.print_margin_left
        0.5

        print.printer_Print_to_File.print_margin_right
        0.5

        print.printer_Print_to_File.print_margin_top
        0.5

        print.printer_Print_to_File.print_oddpages
        true

        print.printer_Print_to_File.print_orientation
        0

        print.printer_Print_to_File.print_page_delay
        50

        print.printer_Print_to_File.print_paper_data
        0

        print.printer_Print_to_File.print_paper_height
        279.40

        print.printer_Print_to_File.print_paper_name
        na_letter

        print.printer_Print_to_File.print_paper_size_type
        1

        print.printer_Print_to_File.print_paper_size_unit
        1

        print.printer_Print_to_File.print_paper_width
        215.90

        print.printer_Print_to_File.print_plex_name
        default

        print.printer_Print_to_File.print_resolution_name
        default

        print.printer_Print_to_File.print_reversed
        false

        print.printer_Print_to_File.print_scaling
        1.00

        print.printer_Print_to_File.print_shrink_to_fit
        true

        print.printer_Print_to_File.print_to_file
        false

        print.printer_Print_to_File.print_unwriteable_margin_bottom
        56

        print.printer_Print_to_File.print_unwriteable_margin_left
        25

        print.printer_Print_to_File.print_unwriteable_margin_right
        25

        print.printer_Print_to_File.print_unwriteable_margin_top
        25

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_colorspace
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_downloadfonts
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_jobtitle
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_num_copies
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_orientation
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_paper_size
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_plex
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_printincolor
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_resolution
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.can_change_spoolercommand
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.colorspace.0.name
        default

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.colorspace.count
        1

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.has_special_printerfeatures
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.orientation.0.name
        portrait

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.orientation.1.name
        landscape

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.orientation.count
        2

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.0.height_mm
        210

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.0.is_inch
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.0.name
        A5

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.0.width_mm
        148

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.1.height_mm
        297

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.1.is_inch
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.1.name
        A4

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.1.width_mm
        210

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.2.height_mm
        420

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.2.is_inch
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.2.name
        A3

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.2.width_mm
        297

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.3.height_mm
        279

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.3.is_inch
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.3.name
        Letter

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.3.width_mm
        215

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.4.height_mm
        355

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.4.is_inch
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.4.name
        Legal

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.4.width_mm
        215

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.5.height_mm
        431

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.5.is_inch
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.5.name
        Tabloid

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.5.width_mm
        279

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.6.height_mm
        254

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.6.is_inch
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.6.name
        Executive

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.6.width_mm
        190

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.paper.count
        7

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.plex.0.name
        default

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.plex.count
        1

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.resolution.0.name
        default

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.resolution.count
        1

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_colorspace_change
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_downloadfonts_change
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_jobtitle_change
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_orientation_change
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_paper_size_change
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_plex_change
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_printincolor_change
        true

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_resolution_change
        false

        print.tmp.printerfeatures.CUPS/iP1600-TurboPrint.supports_spoolercommand_change
        false

        print.tmp.printerfeatures.PostScript/default.can_change_colorspace
        false

        print.tmp.printerfeatures.PostScript/default.can_change_downloadfonts
        false

        print.tmp.printerfeatures.PostScript/default.can_change_jobtitle
        false

        print.tmp.printerfeatures.PostScript/default.can_change_num_copies
        true

        print.tmp.printerfeatures.PostScript/default.can_change_orientation
        true

        print.tmp.printerfeatures.PostScript/default.can_change_paper_size
        true

        print.tmp.printerfeatures.PostScript/default.can_change_plex
        false

        print.tmp.printerfeatures.PostScript/default.can_change_printincolor
        true

        print.tmp.printerfeatures.PostScript/default.can_change_resolution
        false

        print.tmp.printerfeatures.PostScript/default.can_change_spoolercommand
        true

        print.tmp.printerfeatures.PostScript/default.colorspace.0.name
        default

        print.tmp.printerfeatures.PostScript/default.colorspace.count
        1

        print.tmp.printerfeatures.PostScript/default.has_special_printerfeatures
        true

        print.tmp.printerfeatures.PostScript/default.orientation.0.name
        portrait

        print.tmp.printerfeatures.PostScript/default.orientation.1.name
        landscape

        print.tmp.printerfeatures.PostScript/default.orientation.count
        2

        print.tmp.printerfeatures.PostScript/default.paper.0.height_mm
        210

        print.tmp.printerfeatures.PostScript/default.paper.0.is_inch
        false

        print.tmp.printerfeatures.PostScript/default.paper.0.name
        A5

        print.tmp.printerfeatures.PostScript/default.paper.0.width_mm
        148

        print.tmp.printerfeatures.PostScript/default.paper.1.height_mm
        297

        print.tmp.printerfeatures.PostScript/default.paper.1.is_inch
        false

        print.tmp.printerfeatures.PostScript/default.paper.1.name
        A4

        print.tmp.printerfeatures.PostScript/default.paper.1.width_mm
        210

        print.tmp.printerfeatures.PostScript/default.paper.2.height_mm
        420

        print.tmp.printerfeatures.PostScript/default.paper.2.is_inch
        false

        print.tmp.printerfeatures.PostScript/default.paper.2.name
        A3

        print.tmp.printerfeatures.PostScript/default.paper.2.width_mm
        297

        print.tmp.printerfeatures.PostScript/default.paper.3.height_mm
        279

        print.tmp.printerfeatures.PostScript/default.paper.3.is_inch
        true

        print.tmp.printerfeatures.PostScript/default.paper.3.name
        Letter

        print.tmp.printerfeatures.PostScript/default.paper.3.width_mm
        215

        print.tmp.printerfeatures.PostScript/default.paper.4.height_mm
        355

        print.tmp.printerfeatures.PostScript/default.paper.4.is_inch
        true

        print.tmp.printerfeatures.PostScript/default.paper.4.name
        Legal

        print.tmp.printerfeatures.PostScript/default.paper.4.width_mm
        215

        print.tmp.printerfeatures.PostScript/default.paper.5.height_mm
        431

        print.tmp.printerfeatures.PostScript/default.paper.5.is_inch
        true

        print.tmp.printerfeatures.PostScript/default.paper.5.name
        Tabloid

        print.tmp.printerfeatures.PostScript/default.paper.5.width_mm
        279

        print.tmp.printerfeatures.PostScript/default.paper.6.height_mm
        254

        print.tmp.printerfeatures.PostScript/default.paper.6.is_inch
        true

        print.tmp.printerfeatures.PostScript/default.paper.6.name
        Executive

        print.tmp.printerfeatures.PostScript/default.paper.6.width_mm
        190

        print.tmp.printerfeatures.PostScript/default.paper.count
        7

        print.tmp.printerfeatures.PostScript/default.plex.0.name
        default

        print.tmp.printerfeatures.PostScript/default.plex.count
        1

        print.tmp.printerfeatures.PostScript/default.resolution.0.name
        default

        print.tmp.printerfeatures.PostScript/default.resolution.count
        1

        print.tmp.printerfeatures.PostScript/default.supports_colorspace_change
        false

        print.tmp.printerfeatures.PostScript/default.supports_downloadfonts_change
        false

        print.tmp.printerfeatures.PostScript/default.supports_jobtitle_change
        false

        print.tmp.printerfeatures.PostScript/default.supports_orientation_change
        true

        print.tmp.printerfeatures.PostScript/default.supports_paper_size_change
        true

        print.tmp.printerfeatures.PostScript/default.supports_plex_change
        false

        print.tmp.printerfeatures.PostScript/default.supports_printincolor_change
        true

        print.tmp.printerfeatures.PostScript/default.supports_resolution_change
        false

        print.tmp.printerfeatures.PostScript/default.supports_spoolercommand_change
        true

        privacy.cpd.cache
        false

        privacy.cpd.downloads
        false

        privacy.cpd.formdata
        false

        privacy.cpd.history
        false

        privacy.cpd.sessions
        false

        privacy.sanitize.migrateFx3Prefs
        true

        privacy.sanitize.timeSpan
        0

        security.warn_viewing_mixed.show_once
        false

  Graphics

        GPU Accelerated Windows
        0/1


Actual results:

Does not login, instead shows time out error: "Your Internet Banking session has been timed out. Please log on." Try login again, still does not login and this time with no error message.


Expected results:

The cookies from ibs.bankwest.com.au for the first (successful login) session should have been cleared at end of session but they are not. I can successfully login if I delete these two cookies:
RdeContextID=; expires=Invalid Date; path=/; domain=ibs.bankwest.com.au
ONTCred=; expires=Invalid Date; path=/; domain=ibs.bankwest.com.au; HttpOnly

I have reported this bug to BankWest customer service with no more help than a stock answer of "clear your cookies" from them saying they only support Internet Explorer. This bug does not occur in Chrome in the same Ubuntu (Natty) installation. This bug is also discussed at https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/537293 where it is reported to occur only in Ubuntu 10.04+ and Fedora14, so far.
Comment 1 Matthias Versen [:Matti] 2011-06-28 11:34:15 PDT
Session cookies will be deleted when the session is over and that happens if you close Firefox. There is a difference between the session between Gecko and IE and probably Chrome. Each IE window is a different session.
The bank should however clear the stored cookies if you logout.

Could you attach a cookie log ?
https://developer.mozilla.org/en/Creating_a_Cookie_Log
But be careful, I don't know which information are stored in the cookies.
Comment 2 Angus McLauchlan 2011-06-28 21:42:21 PDT
Created attachment 542721 [details]
cookie log

Checked cookie-log for sensitive information - IP address and password may be in one of the hashes, but I have a dynamic IP and I changed the password as a pre-caution.
Comment 3 Angus McLauchlan 2011-06-28 21:54:34 PDT
Cookie-log generated by reproducing bug as stated above (started at www.bankwest.com.au).

Also tried closing firefox to end the session but cookie is not being cleared.

Is this a Firefox bug or a Bankwest bug?

I will produce more info as needed. Thank you very much for your debug effort.
Comment 4 Brent McArthur 2011-06-29 05:18:35 PDT
Hey Guys,

This bug affects me also but I guess it's worth explicitly pointing out that when using the same version of Firefox on Windows and repeating the same steps there bug does not occur. For this reason, I'm lead to believe there is some kind of difference between Ubuntu Firefox cookie handling compared to Windows Firefox cookie handling. Given the Bankwest sites works with all other mainstream browsers (including Firefox in Windows) it's unlikely to be a bankwest website problem.

If anyone needs any additional logs or anything from me please let me know.
Comment 5 Matthias Versen [:Matti] 2011-06-29 05:48:45 PDT
There are a few times :
expires=Mon, 29-Jun-1981 03:02:10 GMT
rejected because cookie has already expired

and they set cookies like this :
expires: Sun Dec 31 15:59:59 1899 GMT

Could you get problems because that before unix time zero ?

Can you please try this :
Try without addons: http://support.mozilla.com/en-US/kb/Safe+Mode
Try a Mozilla.org binary build :ftp://ftp.mozilla.org/pub/firefox/releases/5.0/
Create a windows cookie log with the exact same steps

NEW because we have multiple people with this problem
Comment 6 Boris Zbarsky [:bz] (still a bit busy) 2011-06-29 07:12:14 PDT
Are people seeing this on Nightly or on Aurora?  Or just on Firefox 5?  This seems like something that bug 659569 or bug 618835 might have fixed...
Comment 7 Brent McArthur 2011-07-04 15:40:35 PDT
Hey guys - I don't think it's the same bug as those other ones. This bug only appears to affect Linux users and it isn't resolved after restarting firefox. My guess is that matti is right in there is some kind of inconisitency between platform behavior due to the way dates are handled. 

The clarify - although this bug has only just been reported I've been experiencing it for 2 years now. So it's not something that has just shown up in v5. 

I hope to get some time later this week to send through some cookie logs highlighting the difference between Linux and windows cookie behavior. Watch this space.
Comment 8 Brent McArthur 2011-07-15 01:52:08 PDT
Hey Guys,

Sorry this took me a while. I feel a little uncomfortable attaching the entire raw cookie log files for security reasons. Replacing all the hashes etc. would have taken me a long time as there are lots of them. So what I've done is provided partial logs at a key point where I think the problem is likely to be visible - the Logout website event + the request of the login page for the 2nd time. I've also replaced all hashes etc. for security reasons.

The file names are named:

1. cookie-log-ubuntu01-(copy)-logout-part.txt
2. cookie-log-windows01-(copy)-logout-part.txt

The big difference I notice when I do a compare between the two files is the Working Windows version has cookie rejections for these reasons:

"rejected because previously stored cookie was deleted"
"rejected because cookie has already expired"

The ubuntu log has non of these such rejections.

But to drill down even closer to the problem you can see that the Ubuntu firefox accepts a cookie "name: ASP.NET_SessionId" cookie that expires "expires: Sun Dec 31 15:59:59 1899 GMT". Where as the windows version doesn't accept it stating "rejected because cookie has already expired".

This sounds like the issue to me given the symptoms when you go to login after just logging out in Ubuntu you receive the error saying session expired.

Thoughts? Is this a Linux time issue?
Comment 9 Brent McArthur 2011-07-15 01:53:27 PDT
Created attachment 546117 [details]
Ubuntu cookie log (problem environment)
Comment 10 Brent McArthur 2011-07-15 01:54:14 PDT
Created attachment 546118 [details]
Windows Cookie log (working environment)
Comment 11 Boris Zbarsky [:bz] (still a bit busy) 2011-07-15 08:21:01 PDT
This part from the Windows log is fishy:

0[62f140]: ===== COOKIE NOT ACCEPTED =====
0[62f140]: request URL: https://ibs.bankwest.com.au/CmWeb/Logout.aspx
0[62f140]: cookie string: ASP.NET_SessionId=; expires=Sun, 31-Dec-1899 16:00:00 GMT; path=/
ONTCred=; expires=Sun, 31-Dec-1899 16:00:00 GMT; path=/
SIGNOUT_URL=http%3a%2f%2fwww.bankwest.com.au%2fspecial_pages%2fIBS_Pages%2fIBS_Logout.asp%3fServiceType%3dBOBBWA; path=/
RdeContextID=; expires=Sun, 31-Dec-1899 16:00:00 GMT; path=/
ONTCred=ONTCred_replaced668; path=/; domain=ibs.bankwest.com.au; secure
0[62f140]: current time: Sat Jul 09 04:43:14 2011 GMT
0[62f140]: rejected because previously stored cookie was deleted
0[62f140]: 
0[62f140]: ===== COOKIE NOT ACCEPTED =====
0[62f140]: request URL: https://ibs.bankwest.com.au/CmWeb/Logout.aspx
0[62f140]: cookie string: ONTCred=; expires=Sun, 31-Dec-1899 16:00:00 GMT; path=/
SIGNOUT_URL=http%3a%2f%2fwww.bankwest.com.au%2fspecial_pages%2fIBS_Pages%2fIBS_Logout.asp%3fServiceType%3dBOBBWA; path=/
RdeContextID=; expires=Sun, 31-Dec-1899 16:00:00 GMT; path=/
ONTCred=ONTCred_replaced668; path=/; domain=ibs.bankwest.com.au; secure
0[62f140]: current time: Sat Jul 09 04:43:14 2011 GMT
0[62f140]: rejected because cookie has already expired

(the Linux log accepts both cookies).

Why is there the deleted thing going on on Windows?  Does that part happen with clean profiles?

In any case, the "ONTCred=" cookie with the same date is rejected on Windows but accepted on Linux.....
Comment 12 Brent McArthur 2011-07-15 15:22:36 PDT
I don't have any answers to your questions but even if Windows is doing fishy things somehow it ends up working for this website just like IE, Chrome, etc. Firefox on Linux is the only browser that seems to have issues with this site :(

Also, I should have said that I captured the cookie logs by starting firefox (both windows & ubuntu) with the following command line options

-private ( Disables extensions and themes for this session.)
-safe-mode ( Disables extensions and themes for this session.)

Versions of firefox are below but I don't think these are major factors given this problem has been around for years

Ubuntu Firefox: 5.0+build1+nobinonly-0ubuntu0.11.04.2
Windows Firefox: 5.0
Comment 13 Boris Zbarsky [:bz] (still a bit busy) 2011-07-15 16:52:29 PDT
Maybe I should have been clearer:

1)  Does the Windows login still work with a clean profile?  (Not just safe mode;
    an actual clean profile.)
2)  Does the Linux login still fail with a clean profile?
3)  Just to make sure, does the Linux login still fail with a mozilla.org build?
Comment 14 Brent McArthur 2011-07-16 21:24:26 PDT
Hey Boris,

1) The problem never exists in Windows - with our without a clean profile
2) The problem always exists in Linux - with or without a clean profile
3) I've never tried this. As Angus said above this also affects Fedora users. But if you can provide a link to a download a mozilla.org build or some instructions I can give that a try.

Here are the test steps I did with the clean profile

1. Go to https://ibs.bankwest.com.au/BWLogin/rib.aspx (loads fine Win/Linux)
2. Login (loads fine Win/Linux)
3. Logout (logout works Win/Linux)
4. Go to https://ibs.bankwest.com.au/BWLogin/rib.aspx (loads fine Win/Linux)
5. Login (works Win... Fails linux saying session expired).
Comment 15 Boris Zbarsky [:bz] (still a bit busy) 2011-07-16 22:17:52 PDT
You can get a mozilla.org build of Firefox 5 at http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/linux-i686/en-US/firefox-5.0.tar.bz2

Just untar somewhere (in /tmp) and then run.

If you want to try a current nightly instead (which you should _definitely_ make sure you run against a profile that's not your normal browsing profile), it's at http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/firefox-8.0a1.en-US.linux-i686.tar.bz2
Comment 16 Brent McArthur 2011-07-21 01:00:40 PDT
Well there you go. I ran through the test case with both the mozilla.org build of Firefox 5 as well as the Firefox Nightly 8.0a1 and for both the website worked correctly by allowing me to log in and out as many times as I wanted to.

Nice pickup Boris.

What does this mean exactly? Would ubuntu be modifying the build so much that they change the way cookies work?
Comment 17 Angus McLauchlan 2011-07-21 02:26:50 PDT
Thanks Matti & Boris. I can confirm success with the mozilla.org build of Firefox 5 and Nightly 8.0a1. I am very pleased to use the mozilla.org build.

I also have success with my profile from the Ubuntu build of Firefox 5, of course with most extensions not loading in the Nightly build.

I will notify the Ubuntu team about this problem.
Comment 18 Angus McLauchlan 2011-07-21 03:37:05 PDT
Umm bug replicated with the x86_64 mozilla.org build at http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/linux-x86_64/en-US/firefox-5.0.tar.bz2

Why would x86_64 build not function correctly when I'm running an Intel(R) Core(TM) i5 CPU M 480?
Comment 19 Brent McArthur 2011-07-21 04:41:36 PDT
I too am running 64bit ubuntu with an Intel(R) Core (TM) i7 Q720. Which confirms it seems to be a 64bit issue.
Comment 20 Boris Zbarsky [:bz] (still a bit busy) 2011-07-21 06:16:45 PDT
Ah, 64-bit vs 32-bit at least explains why it works on Windows builds (which are 32-bit).

I bet that plus comment 5 explains what's going on.  The 1899 date is actually expressible in a 64-bit build, and comes before 1981.  But in a 32-bit build, 1899 would underflow to 2036 or so, which is after 1981.
Comment 21 Boris Zbarsky [:bz] (still a bit busy) 2011-07-21 06:25:04 PDT
Except wait.  That doesn't match comment 11.  Digging some more.
Comment 22 Boris Zbarsky [:bz] (still a bit busy) 2011-07-21 13:11:40 PDT
Ok, I think I know what's going on here.  The issue, I will bet, is this code in nsCookieService::GetExpiry:

3276     delta = expires / PR_USEC_PER_SEC - aServerTime;
...
3285   aCookieAttributes.expiryTime = aCurrentTime + delta;

The key issue is what types the variables are.  |expires| is a PRTime, which is a typedef for PRInt64, which is "long" if sizeof(long) == 8, and "long long" otherwise (well, or __int64 on Windows, but that doesn't matter).  aServerTime is a PRInt64.  The expiryTime member we're setting is a PRInt64.

The wrench in the works is that PR_USEC_PER_SEC is a macro that expands to 1000000UL (unsigned long constant).

So now say |expires| is negative (as it is here).  What happens when dividing by PR_USEC_PER_SEC?   That depends on whether a 64-bit signed int can represent all the values of unsigned long.  If it can (e.g. 32-bit builds) then the unsigned long is promoted to 64-bit signed int and the division is performed.  In this case that means the answer is negative.  But if it cannot (64-bit builds on Linux, where long is 8-bit) then both arguments are converted to 64-bit unsigned integers and the division is performed on those; the answer of course ends up _positive_.

So summary: PR_USEC_PER_SEC being unsigned is nuts, and that may be causing the problem here.  Let me try fixing that and seeing whether it fixes this bug.
Comment 23 Boris Zbarsky [:bz] (still a bit busy) 2011-07-21 18:52:54 PDT
There are builds with a proposed fix for this bug at https://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/bzbarsky@mozilla.com-fe499385fdc1/try-linux64/

Brent, Angus, would you be willing to try them out?
Comment 25 Boris Zbarsky [:bz] (still a bit busy) 2011-07-21 19:50:23 PDT
Created attachment 547594 [details] [diff] [review]
Fix

Angus, thank you for testing that
Comment 26 Angus McLauchlan 2011-07-21 20:10:07 PDT
Thank you Boris for your bug-zapping efforts. Do you expect to see this corrected code in the Ubuntu x86_64 build in the near future?
Comment 27 Boris Zbarsky [:bz] (still a bit busy) 2011-07-21 20:38:45 PDT
Angus, I'm not quite sure what Ubuntu's current update policy is, but I expect this to ship in an official mozilla.org release, if everything goes right, in early November (maybe late September if we backport to Aurora).  I would guess it would appear in the Ubuntu builds around then too.
Comment 28 Brent McArthur 2011-07-22 05:57:23 PDT
Hey Guys,

I tried to test by downloading https://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/bzbarsky@mozilla.com-fe499385fdc1/try-linux64/firefox-8.0a1.en-US.linux-x86_64.tar.bz2 but for some reason when I went to execute the firefox executable it just did nothing. Firefox never even opened.

So not sure what I've done wrong but if it's worked for Angus my guess is the bug is fixed.

Many thanks Boris for your efforts! Greatly appreciated.
Comment 29 Brent McArthur 2011-07-22 21:20:23 PDT
Got the build to run and the bug is fixed for me. Thanks again.
Comment 30 dwitte@gmail.com 2011-07-26 12:40:50 PDT
Comment on attachment 547594 [details] [diff] [review]
Fix

r=dwitte
Comment 31 Boris Zbarsky [:bz] (still a bit busy) 2011-07-26 13:35:29 PDT
http://hg.mozilla.org/integration/mozilla-inbound/rev/2429a81db426
Comment 32 Boris Zbarsky [:bz] (still a bit busy) 2011-07-26 13:37:39 PDT
Comment on attachment 547594 [details] [diff] [review]
Fix

This is a pretty safe fix that only affects 64-bit builds (so Mac and Linux only) and fixes an obvious bug in the cookie code's date handling there.  I think we should take this on Aurora and at least consider taking this on Beta, since it's keeping some users from doing online banking...  That said, this is not a regression from Fx5, so I can understand it if we decide to not take it on the branches.
Comment 33 christian 2011-07-26 15:00:39 PDT
Comment on attachment 547594 [details] [diff] [review]
Fix

Approved for mozilla-aurora and mozilla-beta. Please land asap.
Comment 34 Boris Zbarsky [:bz] (still a bit busy) 2011-07-26 19:15:00 PDT
http://hg.mozilla.org/releases/mozilla-aurora/rev/745a1128eeff
http://hg.mozilla.org/releases/mozilla-beta/rev/b80ec61fce78

New shipping ETA: in 3 weeks.
Comment 35 Marco Bonardo [::mak] 2011-07-27 03:29:59 PDT
http://hg.mozilla.org/mozilla-central/rev/2429a81db426
Comment 36 Angus McLauchlan 2011-08-07 00:32:38 PDT
Comment on attachment 542721 [details]
cookie log

DELETED
Comment 37 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-22 15:37:11 PDT
qa+ for verification on Firefox 7
Comment 38 Virgil Dicu [:virgil] [QA] 2011-09-23 06:45:30 PDT
Setting to qa? as a Personal Access Number and a Secure Code at Bankwest is needed to verify this issue.
Comment 39 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-23 09:57:57 PDT
(In reply to Virgil Dicu [QA] from comment #38)
> Setting to qa? as a Personal Access Number and a Secure Code at Bankwest is
> needed to verify this issue.

Given that information, I think QA will not be able to verify this fix. Angus, can you please test if this is now fixed for you in Firefox 7?
Comment 40 Brent McArthur 2011-09-23 20:50:41 PDT
I'm happy to give this a test. What release should I use? When I look in http://releases.mozilla.org/pub/mozilla.org/firefox/releases/latest/linux-x86_64/en-US/ All i can see is version 6 not 7.
Comment 41 Virgil Dicu [:virgil] [QA] 2011-09-25 23:47:24 PDT
If you wish to verify, you can use this build (the release candidate for Firefox 7-the official release is coming soon):
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/7.0-candidates/build2
Comment 42 Brent McArthur 2011-09-26 05:21:30 PDT
Hey Everyone,

TEST PASSED for Firefox 7.

I just tested with this release ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/7.0-candidates/build2/linux-x86_64/en-US/firefox-7.0.tar.bz2 and I couldn't replicate the bug.

So all looks good to me. Thanks everyone.
Comment 43 Virgil Dicu [:virgil] [QA] 2011-09-26 05:24:09 PDT
Verified fixed based on comment 42. Thanks!

Note You need to log in before you can comment on or make changes to this bug.