Closed Bug 672469 Opened 11 years ago Closed 11 years ago

Verified by Visa payments fail on several UK websites


(Firefox :: General, defect)

5 Branch
Not set





(Reporter: tvk.moz, Unassigned)



User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20100101 Firefox/5.0
Build ID: 20110615151330

Steps to reproduce:

Several UK online shopping websites use the Verified by Visa system to verify credit/debit card payments. It opens an IFRAME displaying a page provided by the user's bank which asks for additional information (password) and then redirects back to the original website.

Actual results:

On several websites, for example National Lottery UK and King of Shaves, the final redirect back to the seller's website fails. Instead, an error message is displayed by the seller's shop application ('Session expired' or similar) and the transaction cannot be completed.

This does not happen on all websites using Verified by Visa. East Coast Trains, for instance, works fine.

Expected results:

The transaction should have completed successfully (as it does in Safari, on the same MacOS system).

I suspect this is an issue related to the way cookies are passed to pages opened in the IFRAME. Firefox's behaviour seems to differ from Safari and other browsers in this case.

This is a serious issue for users from the UK and possibly elsewhere, especially due to the sensitive nature of the error (you may be in the middle of a several hundred pound payment transaction - with no knowledge whether you have been charged or not!).
OS: Other → Mac OS X
Hardware: All → x86
tvk, did you disable third-party cookies?  If you reenable them, do you still see the problem?  If so, if you still leave them disabled but try a current Nightly build, do you see the problem there?
I do indeed seem to have disabled third-party cookies ('Accept third-party cookies' is not checked in the privacy settings) although I don't really remember changing the default setting for this.

I've just checked the settings in Safari and there third-party cookies seem to be disabled as well ('Accept cookies: Only from sites I visit [Block cookies from third parties and advertisers]') but I have no problems with Safari.

I'll give the current Nightly a try - I'll have to try to find something cheap to buy first (for lack of a synthetic test...).
I get the session expired on Verified by Visa on, FF 5.0 on Fedora Core 15. Had to use Chrome to place my order.
Illtud: that doesn't answer my question from comment 1....
Boris: I'm at work now, so I don't have my home browser settings, but I probably have 3rd party cookies disabled, but I've always had 3rd party cookies disabled and Verified by Visa has always worked for me until I moved to FF5.0. It may be just this retailer using it in an odd way. If I get a successful VbV from another retailer I'll post here about it. Unfortunately, testing is difficult, as it means placing an actual order, since Verified by Visa is the final step in authorizing payment.

This may be informative, it's the error message that VbV (or possibly the retailer) displayed when I submitted my VbV details:

> HTTP Status Code:     408
> HTTP Status Message:     The client failed to send a request in the time allowed by the server.
> Error Code :     5999
> Error Description :     The Session is invalid or has expired.

If you google around 'error 5999 firefox Verified by Visa' you'll see that we're not alone in getting this problem, eg:
(Old FF, but the VbV implementation I was using was a Sage Pay one, so may be related)

Possibly Sage Pay are using 3rd party cookies and other VbV implementations are not?
Yes, I realize you have 3rd party cookies disabled.  I'm mostly interested in an answer to the last question from comment 1.
This is not restricted to Visa as it happens with the MasterCard equivalent too (both via, even when the process doesn't prompt for extra information. Enabling third-party cookies fixes it. VbV that used to appear as the top level frame is now opening in the iframe regardless of the cookies setting.

Variations of session expired errors suggest that the problem is when returning to the merchant site that it no longer knows what the current session is. There is never an issue in the remote part of the process.
It works ok in Firefox 8.0a1 using the 2011-08-13 nightly build with third party cookies disabled. The POST that returns to the National Lottery website now has that site's cookies instead of no cookies.
> It works ok in Firefox 8.0a1 using the 2011-08-13 nightly build

Simon, thanks for checking that!  Does it also work for you using the Firefox 7 beta builds?  If so, I would expect that bug 664721 fixed this.
Depends on: 664721
It still doesn't work in Firefox 6.0.

I'd try 7.0b1 but almost none of my addons work with that version so it's not really a good test.
> It still doesn't work in Firefox 6.0.

That's expected: bug 664721 was fixed in 7 and later.

It's odd that you have addons working with 8.0a1 but not 7.0b1...
They don't work in 8.0a1 either but you weren't asking if it worked with a specific bug fix.

I applied to 6.0 and it works now.
Ah, excellent.  Thank you for testing that!
Closed: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 664721