Open
Bug 780079
Opened 12 years ago
Updated 2 years ago
Cookies which have a domain starting with a '.' (dot) are considered third-party cookies by firefox
Categories
(Firefox :: Security, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: msilvoso, Unassigned)
Details
Attachments
(1 file)
23.18 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0.1 Build ID: 20120713134347 Steps to reproduce: Authentication (using the Luxtrust product) to www.guichet.lu or http://www.pt.lu/portal/CCPConnect?lang=en fails if the checkbox "Accept third-party cookies" is checked. Actual results: Apparently the session cookie's a domain starts with a '.' (.services-publics.lu for instance) which could be the reason for the failure. Expected results: According to RFC 6265 the cookie's domain should not start with a '.' I don't know if such a cookie should then be considered a third-party cookie by firefox and filtered out if the option is not checked.
Comment 1•12 years ago
|
||
Can you please attach a cookie log ? - https://developer.mozilla.org/en/Creating_a_Cookie_Log
This is a Luxtrust authentication (smart card), and cookies seem to be involved. It appears the problematic cookies are at lines greater than 1440 on both files. Manu
Updated•12 years ago
|
Component: Untriaged → Security
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•