Closed Bug 747387 Opened 13 years ago Closed 13 years ago

Firefox 11 not setting cookie if domain attribute set to ".is-very-nice.org"

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: shreenivas.zilli, Unassigned)

Details

Attachments

(1 file)

Firefox11_SetCookie_Header_Issues.txt
1.94 KB, text/plain
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0 Build ID: 20120312181643 Steps to reproduce: 1. I am running a web application with host "dbs.is-very-nice.org" 2. From my first request I am sending a cookie header with domain attribute set to ".is-very-nice.org" RESPONSE HEADER: (Status-Line) HTTP/1.1 200 OK Date Fri, 20 Apr 2012 14:21:26 GMT Set-Cookie JSESSIONID=0E83CCBBF3A0672C0731164BFB49889E; Domain=.is-very-nice.org; Path=/findflights/; HttpOnly Set-Cookie MY_TEST_COOKIE=MY_TEST_COOKIE_VALUE; Expires=Thu, 15-Jan-2015 14:21:26 GMT; Path=/findflights/ Content-Type text/html;charset=ISO-8859-1 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked REQUEST HEADER: (Request-Line) GET /findflights/home.flt HTTP/1.1 Host dbs.is-very-nice.org User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip, deflate Connection keep-alive Actual results: 3. When I make second request only the MY_TEST_COOKIE is set in the next request header but the JSESSIONID cookie is not set in the header REQUEST HEADER for second request (Request-Line) GET /findflights/css/main.css HTTP/1.1 Host dbs.is-very-nice.org User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0 Accept text/css,*/*;q=0.1 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip, deflate Connection keep-alive Referer http://dbs.is-very-nice.org/findflights/home.flt Cookie MY_TEST_COOKIE=MY_TEST_COOKIE_VALUE Expected results: The cookie should be set in the request if the domain attribute set to any value including ".is-very-nice.org"
this works for me with Firefox11 and I used http://matti.no-ip.org/test.php for my test Load the page and this cookies are set >Set-Cookie: test=Test; expires=Fri, 20-Apr-2012 19:33:49 GMT; path=/; domain=.no-ip.org; httponly >Set-Cookie: test2=Test2; expires=Fri, 20-Apr-2012 19:33:49 GMT Reload the page and 2 cookies values are shown
(In reply to Matthias Versen (Matti) from comment #1) > this works for me with Firefox11 and I used http://matti.no-ip.org/test.php > for my test > Load > the page and this cookies are set > >Set-Cookie: test=Test; expires=Fri, 20-Apr-2012 19:33:49 GMT; path=/; domain=.no-ip.org; httponly > >Set-Cookie: test2=Test2; expires=Fri, 20-Apr-2012 19:33:49 GMT > > Reload the page and 2 cookies values are shown Hello Matthias, You are right it works fine if the domain attribute is set to anything other than ".is-very-nice.org" If you test it by setting the value of domain attribute as ".is-very-nice.org" then it wont work.
To reproduce it in any local environment (windows). 1. Update the [C|D|E|...]:\Windows\System32\drivers\etc\hosts file and point your local ip address 127.0.0.1 to any host which ends with .is-very-nice.org like sample.is-very-nice.org or matti.is-very-nice.org etc 2. Then test by setting some cookies in response header with domain attribute set to ".is-very-nice.org"
And can re test same example in Firefox earlier version Firefox 3.6.28 ... it wors perfectly
Thanks for the instructions but I know how to add entries to the host file or add it to my DNS :-) I didn't know that this is limited to this domain. 0[160f140]: ===== COOKIE NOT ACCEPTED ===== 0[160f140]: request URL: http://test.is-very-nice.org/test.php 0[160f140]: cookie string: test=Test; expires=Sat, 21-Apr-2012 06:18:41 GMT; path=/; domain=.is-very-nice.org; httponly test2=Test2; expires=Sat, 21-Apr-2012 06:18:41 GMT 0[160f140]: current time: Sat Apr 21 05:18:48 2012 GMT 0[160f140]: rejected because failed the domain tests works with a changed Domain: 0[150f140]: ===== COOKIE ACCEPTED ===== 0[150f140]: request URL: http://test.is--nice.org//test.php 0[150f140]: cookie string: test=Test; expires=Sat, 21-Apr-2012 06:30:33 GMT; path=/; domain=.is--nice.org; httponly test2=Test2; expires=Sat, 21-Apr-2012 06:30:33 GMT 0[150f140]: replaces existing cookie: false 0[150f140]: current time: Sat Apr 21 05:30:39 2012 GMT Note: If you want to test this you can use /test.php with either the current IP of matti.no-ip.org that changes every 24h or use [2001:4dd0:f8c6::2]
Status: UNCONFIRMED → NEW
Component: Untriaged → Networking: Cookies
Ever confirmed: true
Product: Firefox → Core
QA Contact: untriaged → networking.cookies
Hardware: x86_64 → All
Version: 11 Branch → Trunk
(In reply to Matthias Versen (Matti) from comment #5) > Thanks for the instructions but I know how to add entries to the host file > or add it to my DNS :-) > I didn't know that this is limited to this domain. > > 0[160f140]: ===== COOKIE NOT ACCEPTED ===== > 0[160f140]: request URL: http://test.is-very-nice.org/test.php > 0[160f140]: cookie string: test=Test; expires=Sat, 21-Apr-2012 06:18:41 GMT; > path=/; domain=.is-very-nice.org; httponly > test2=Test2; expires=Sat, 21-Apr-2012 06:18:41 GMT > 0[160f140]: current time: Sat Apr 21 05:18:48 2012 GMT > 0[160f140]: rejected because failed the domain tests > > works with a changed Domain: > 0[150f140]: ===== COOKIE ACCEPTED ===== > 0[150f140]: request URL: http://test.is--nice.org//test.php > 0[150f140]: cookie string: test=Test; expires=Sat, 21-Apr-2012 06:30:33 GMT; > path=/; domain=.is--nice.org; httponly > test2=Test2; expires=Sat, 21-Apr-2012 06:30:33 GMT > 0[150f140]: replaces existing cookie: false > 0[150f140]: current time: Sat Apr 21 05:30:39 2012 GMT > > Note: If you want to test this you can use /test.php with either the current > IP of matti.no-ip.org that changes every 24h or use [2001:4dd0:f8c6::2] Hi Mattias, Thanks for your confirmation, but my problem is I cant change my current domain, we have several cloud QA instances all having the host ending with ".is-very-nice.org". It works perfectly with the previous versions of firefox, and any other browsers, it is happenning only with latest Firefox11 version and that unluckly only for this domain :) I do tested it with many other subdomains and it works perfectly, but our requirement is to make it working for this domain ".is-very-nice.org". Please look or suggest the solution or just confirm that it a bug in Firefox11 so that I can convence our customer to change the domain. Thanks
>Please look or suggest the solution or just confirm that it a bug in Firefox11 so >that I can convence our customer to change the domain. I have confirmed the problem as you can see at the bug status.I can't explain the cause of this issue and I reproduced it several times because I couldn't believe it. I'm still unsure if I did something wrong. The cookie component is unfortunately a pretty stable component and I'm not sure if a developer is still working in this component. Another option would be our iber-developer Boris.He works everywhere in the codebase but is also overflooded with work :-( Fixing this issue could take some time....
Last good nightly: 2011-07-19 First bad nightly: 2011-07-20 Pushlog: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=a666b4f809f0&tochan ge=953f9620f395 the checkin from bug 531758 contains +is-very-nice.org You are not in control of the whole domain "is-very-nice.org". "a.is-very-nice.org" and "b.is-very-nice.org" are treated is different domains instead of just different subdomains. You would be able to steal cookies from "c.is-very-nice.org" if we wouldn't block this. This is working as expected, marking invalid Too bad that I didn't recognize this earlier as dyndns kind of domain.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Ok thanks for the confirmation. So from Firefox11 version onwords, the dyndns domain like .is-very-nice.org, .is-very-good.org, etc etc Firefox11 will not set the cookeis set with these kind of domain right? Only with Firefox11, we cant use any of the dyndns domain names as the sub domain names. Please confirm if I am correct... Thanks for the clarifications.
"a.is-very-good.org" and "b.is-very-good.org" are now handled treated as different domains rather than as different subdomains. 2 other examples: The domain "ebay.co.uk" can't set or read cookies for "google.co.uk" The domain "mozilla.com" can't set or read cookies for "google.com" The affected subdomains for dyndns are in this patch: https://bug531758.bugzilla.mozilla.org/attachment.cgi?id=544992 The PSL List is not only used by Firefox. Chrome and Opera are using the same list. You can of course still set cookies for "b.is-very-good.org" or ".b.is-very-good.org" but not ".is-very-good.org"
Hi all, I wonder I there is an about:config option to disable this PSL feature?
You can't disable this
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: