Closed Bug 73964 Opened 24 years ago Closed 24 years ago

can't login to compuserve webmail (stream converter problem)

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla0.9

People

(Reporter: jud, Assigned: morse)

References

(
URL
)

Details

(Keywords: qawanted)

1- goto www.compuserve.com 2- click on computing 3- provide compuserve user name and password. 4- user is presented w/ the following We were able to validate your login ... your browser did not accept the login session cookie. Hence you can't access this content area at this time.
Blocks: 64833
Keywords: mozilla0.9
severity -> major. need to know why this doesn't work.
Severity: normal → major
I'm on it.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9
Problem appears to be that a cookie which is received is never sent back. Specifically the cookie named SESSAUTH which has a value that is 240 characters long. Don't know why yet. Here are the sequence of events from traffic captured using a 4.x browser (success case) and a mozilla browser (failure case). The cookies followed by a question mark are sent in the failure case only. << bunch of binary traffic >> send: GET /both_no_qc_wam? no cookies sent receive: Location: http://login.compuserve.com/login/LoginSuccess.asp? no cookies set send: GET /login/LoginSuccess.asp? Cookie: WAPref, WAUrl, (ASPSESSIONIDGQQQQHXC, ASPSESSIONIDGGGQQILN)? receive: set-cookie: WAUrl, WAFlag, SESSAUTH location: http://login.compuserve.com/login/LoginSetCheck.asp send: GET /login/LoginSetCheck.asp cookie: ASPSESSIONIDGQQQQHXC, WAPref, WAFlag, (ASPSESSIONIDGGGQQILN)? missing SESSAUTH receive: bad case: <TITLE>No Login Cookie!</TITLE> followed by error message good case: <title>Object moved</title> and redirects you to http://www.compuserve.com/login?
OK, there's more than one problem here. First there's a bug in the cookie module as follows. When cookies are being sent out to the server, we loop through the cookie list looking for cookies that belong to that server and send them out. While looping we also check each cookie to see if it expired and we delete it from the list if it is. But we do not alter the index which we are using to loop through the list. So, for example if we determine cookie at position 3 has expired, we delete it and then go and test cookie at position 4. But the act of deletion has moved all cookies higher than #3 down one position. So the cookie at position 4 is really the cookie that used to be at position 5. Note that we completely skipped over the cookie that was originally at position 4 and never tested it. And if that cookie belongs to the server in question, it will not get sent although it is suposed to. Note that many things have to all come together in order to hit this problem. Specifically the list contains a cookie that has expired followed immediately by a cookie that is supposed to get sent to the server. It's not a likely event and normally not a very reproducible one (the expiring cookie) if it does occur. But if the host itself expires its own cookies (for the purpose of deleting them), then this will be reproducible. And this is exactly what compuserve was doing. Well the fix for that is easy. I'll post it right here, inline, instead of making an attachment. In my next comment I'll discuss the next problem. Index: nsCookies.cpp =================================================================== RCS file: /cvsroot/mozilla/extensions/cookie/nsCookies.cpp,v retrieving revision 1.1 diff -u -r1.1 nsCookies.cpp --- nsCookies.cpp 2001/03/29 01:53:21 1.1 +++ nsCookies.cpp 2001/03/30 04:33:03 @@ -496,7 +496,7 @@ /* check for expired cookies */ if( cookie_s->expires && (cookie_s->expires < cur_time) ) { /* expire and remove the cookie */ - cookie_list->RemoveElementAt(i); + cookie_list->RemoveElementAt(i--); /* decr i so next cookie isn't skipp ed */ deleteCookie((void*)cookie_s, nsnull); cookie_changed = PR_TRUE; continue;
With the above patch made, we get much further. The error message does not occur and the browser requests and receives several more pages. It eventually gets the following response from the server. It is supposed to display a message (as indicated in the html below) and in a few seconds go to the next page. But instead it simply displays a blank page and nothing more happens. HTTP/1.0 403 Forbidden WWW-Authenticate: Remote-Passphrase Realm="nonsense", State="Failed" Expires: Tue, 01 Jan 1980 00:00:00 GMT Pragma: no-cache Content-Type: text/html Content-Encoding: 8bit Content-Length: 1357 <HTML> <HEAD> <TITLE>RPA Error Page - Access Denied</TITLE> <META HTTP-EQUIV="Refresh" CONTENT="0;url=http://www.compuserve.com/guestsignup/ RPA_AccessDenied.asp?refer=https%3a%2f%2flogin.compuserve.com%2flogin%2flogin.as p%3fOrigUrl%3dhttp%253a%252f%252fwww.compuserve.com%252fcomputing%252f%26RefUrl% 3dhttp%253a%252f%252fwww.compuserve.com%252fcompuserve%252fdefault.asp%26AuthUrl %3dhttp%253a%252f%252fwww.compuserve.com%252flogin&dest=http%3a%2f%2fwww.compuse rve.com%2fcomputing%2f&site=www.compuserve.com&type=im&GIDs="> </HEAD> <BODY BGCOLOR="FFFFFF"> <FONT FACE="Arial,Helvetica,Geneva" SIZE=-1><B> <P> CompuServe is in the process of sending you to another page... please wait. <P> Certain older browsers do not support this feature. If this message is displaye d for more than a few seconds, please <A HREF=http://www.compuserve.com/guestsig nup/RPA_AccessDenied.asp?refer=https%3a%2f%2flogin.compuserve.com%2flogin%2flogi n.asp%3fOrigUrl%3dhttp%253a%252f%252fwww.compuserve.com%252fcomputing%252f%26Ref Url%3dhttp%253a%252f%252fwww.compuserve.com%252fcompuserve%252fdefault.asp%26Aut hUrl%3dhttp%253a%252f%252fwww.compuserve.com%252flogin&dest=http%3a%2f%2fwww.com puserve.com%2fcomputing%2f&site=www.compuserve.com&type=im&GIDs=> click here</A> to go on, or contact Customer Service for more information. </B></FONT> </BODY> </HTML>
cc'ing some network folks because I now believe that with the cookie bug patch (given above), the remaining impediment to a successful compuserve login has to do with the server response (perhaps the 403 code). Incidentally, the lines in the response that read HTTP/1.0 403 Forbidden WWW-Authenticate: Remote-Passphrase Realm="nonsense", State="Failed" are normal. The same response is received when running the 4.x browser and you do get a successful login in that case.
r=valeski on the RemoveElementAt(i--); patch. Let's not start mixing bugs here, and open another one for the problem w/ the server response.
Could also be a layout problem because the META HTTP-EQUIV="Refresh" is never getting acted on (I'm not getting to a breakpoint set in ProcessHeaderData for the refresh). cc'ing harish.
Jud, it's not a case of "mixing" bugs. This bug report says we can't get to compuserve mail and even with the patch you just reviewed we still can't get to compuserve mail. We don't yet know why and it's only speculation on my part that it might be due to the server response.
cc'ing alecf for a superreview of the cookie patch presented above. But that still doesn't completely solve the problem.
we found a bug in the cookie code, let's fix that. independent of everythign else. mixing checkins to address a problem is, IMO, bad... it leads to "which checkin is causing more problems". I can make a bug that says "The browser should be faster" and we certainly wouldn't just lop all bugs into that.
OK, I broke out the cookie bug into bug 74112. This bug is still focused on why we can't do a successful compuserve login. Alecf, please put your sr in bug 74112 and not here. Thanks.
Component is unknown at this time but it definitely is not cookies. Updating component to browser-general.
Component: Cookies → Browser-General
reassign :(
Assignee: morse → asa
Status: ASSIGNED → NEW
Keywords: qawanted
QA Contact: tever → doronr
Oops, by reassigning this you completely took me off the list of people who get notified about this bug. Even though you've reassigned it, I'm still looking into this and trying to figure out how to fix it.
I'm not looking into this and trying to figure out how to fix it :)
Assignee: asa → morse
Keywords: nsbeta1
This seems to cause login errors at www.email.com and www.scmp.com. 2001040309 mac-trunk.
OK, I've returned to actively investigating this. With the fix to the cookie problem (bug 74112), we no longer get the message about session cookies not being accepted. Instead we get further and arrive at a blank screen. This is what I stated in my comment of 2001-03-29 20:42. I now have clues as to why we are getting the blank screen. It's due to the failure to find a stream converter to convert from "8-bit" to "uncompressed". Specifically, the following call in nsStreamConverterService.cpp on line 558 is failing: rv = FindConverter(cContractID, &converterChain); at this point the value of cContractID is "mozilla.org/streamconv;1?from=8bit&to=uncompressed" And, indeed, if you read the sourcecode in nsStreamConverterService.cpp you will see the comment // XXX curently we only handle a single from and to combo, we should repeat the // XXX registration process for any series of from-to combos. So it looks like the stream converter that we want has not yet been implemented. Not knowing how to implement a stream converter (or even what a stream converter is), I can at least work around this problem by commenting out the following lines in nsHTTPResponseListener.cpp: rv = mResponse->GetHeader(nsHTTPAtoms::Content_Encoding, getter_Copies(compressHeader)); This will cause us to ignore the header that says Content-Encoding: 8bit and consequently we never even try to use a stream converter.
So, continuing with my comment above, the good news is that we now know that the next problem causing compuserve login to fail is an unimplemented stream converter. And I have a work-around for that problem although we will need a real fix. The bad news is that although this allows us to get further along, we still don't get to do a successful compuserve login. Instead I now get to a page that says: This area can not be accessed by your account. This usually happens because: * Special permissions are required. * Availability is limited by geographic region. If you believe that your account should be able to access this area, please contact Customer Service at GO FEEDBACK to report the problem. If you would like to make another selection, click on your browser's back button to return to the previous page.
Status: NEW → ASSIGNED
Got it! The last problem is due to our user-agent string. If I modify the string so that we look like a 4.x browser, then compuserve lets us in. So our own company, compuserve, needs to be evangelized to accepting the N6/Mozilla browser. To demonstrate this I made the following change to nsHTTPRequest.cpp - SetHeader(nsHTTPAtoms::User_Agent, uaString.get()); + SetHeader(nsHTTPAtoms::User_Agent, "Mozilla/4.73 [en] (WinNT; U)"); And with that change I was able to successfully log on to compuserve. So let me summarize. There were three problems that prevented the compuserve login from succeeding: 1. Cookie problem which has since been fixed (bug 74112) 2. Unimplemented stream converter for "8-bit" 3. Compuserve is blocking the mozilla browser (needs evangelism help here) I just filed a separate bug on the evangelism issue. It's bug 75058.
With the cookie problem broken out and already fixed (bug 74112), and the evangelism broken out (bug 75058), the only issue left to be addressed in this bug report is the stream converter issue. Modifying the summary line to indicate that.
Summary: can't login to compuserve webmail → can't login to compuserve webmail (stream converter problem)
> So our own company, compuserve, needs to be evangelized to accepting the > N6/Mozilla browser. I contacted someone at CS. Thanks for the analysis, Steve.
Continuing my comment about stream converters, it appears that the following are the stream converters that we currently recognize: --- FROM --- --- TO --- text/ftp-dir-unix application/http-index-format" text/ftp-dir-nt application/http-index-format" text/gopher-dir application/http-index-format" multipart/x-mixed-replace */*" multipart/mixed */*" application/x-unknown-content-type */*" chunked unchunked" unchunked chunked" gzip uncompressed" x-gzip uncompressed" compress uncompressed" x-compress uncompressed" deflate uncompressed" text/plain text/html" application/http-index-format text/html" Note that the one needed for the compuserve page is from "8-bit" and that is not in the list
I'd like to propose the following patch to the stream converter problem and see if it will fly. Instead of returning an error message when we can't find a converter, simply don't do a conversion. In that way we can at least make an attempt to support any unrecognized conversions that might be encountered in the future. And it will solve the problem that we are having with the compuserve login. So the patch is simply the following. Any comments? Index: nsHTTPResponseListener.cpp =================================================================== RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHTTPResponseListener.cpp,v retrieving revision 1.149 diff -u -r1.149 nsHTTPResponseListener.cpp --- nsHTTPResponseListener.cpp 2001/03/20 22:42:03 1.149 +++ nsHTTPResponseListener.cpp 2001/04/08 18:10:35 @@ -478,8 +478,9 @@ mResponseDataListener, request, getter_AddRefs(converterListener)); - if (NS_FAILED(rv)) return rv; - mResponseDataListener = converterListener; + if (NS_SUCCEEDED(rv)) { + mResponseDataListener = converterListener; + } } }
I was mistaken above when I said that there was an evangelism issue with compuserve. I just ran some more tests, both with the real mozilla user-agent string and with the masqueraded 4.x string. I observed that in each case sometimes it worked and sometimes it didn't. I now realize that the success or failure is caused by the fact that I sometimes simplified my testing by going directly to www.compuserve.com/computing rather than going to www.compuserve.com and then clicking on the link for computing. In the latter case you are missing some cookies at the point at which you log in and that is why you get to the page saying "This area can not be accessed by your account". I must have changed my method of testing when I switched the user-agent string which caused me to erroneously concluded that it was an evengelism issue. I will post this comment in the evangelism bug (bug 75058) and close out that report. So the only issue blocking us from doing a successful compuserve login is the stream-converter problem for which I posted a proposed patch above.
The patch looks good to me. It's up to the consumers of the stream converter service to determine what action to take if a converter can't be found. For this 8bit conversion, it makes sense to just move along as though nothing happend. However, I suspect this will get nasty when other converters come down the pike that we don't handle. To get compuserve mail to work, the patch makes sense. However, I wonder if we should be throwing a dialog when we run into conversion we can't handle in HTTP.? That's another bug though. r=valeski on the HTTP patch. BTW. sending 8bit encoding as a content-encoding seems redundant to me; the content will be treated as 8bit anyway. sounds like a server misconfiguration.
cc'ing alecf for sr
steve: nice find... the code in nsHTTPServerListener::OnDataAvailable is definitely far from forgiving ;-) r/sr=darin
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Blocks: 75664
No longer blocks: 64833
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.