Bug 864663
Opened 12 years ago
Closed 12 years ago
CSRF failure on stage after confirming PIN to make a purchase
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
2013-04-25
People
(Reporter: kumar, Assigned: kumar)
Attachments
(3 files)
STR
- purchase app
- enter new email
- enter PIN
- confirm PIN
This doesn't happen after flashing and does not always happen. Attached is a log that shows HTTP requests/responses.
Comment 1 (Assignee) • 12 years ago
This is on stage only
Updated (Assignee) • 12 years ago
Summary: CSRF failure after confirming PIN to make a purchase → CSRF failure on stage after confirming PIN to make a purchase
Comment 2 (Assignee) • 12 years ago
Comment 3 (Assignee) • 12 years ago
Comment 4 (Assignee) • 12 years ago
New evidence: this happens in relation to specific persona emails. David kept seeing a CSRF even after re-flashing. When he switched persona emails it worked. I added a new http log with his failure.
Updated • 12 years ago
Blocks: marketplace-payments
Updated • 12 years ago
Assignee: amckay → nobody
Comment 7 • 12 years ago
How often do you see this? Any more you can tell us?
Comment 8 • 12 years ago
Pretty often. Happened to me about 5 times yesterday. Kumar reflashed my phone and I needed to create a new persona account to fix. Happened also to others. So this is a very high priority. If there are further logs we can capture here, let us know.
Comment 9 • 12 years ago
I have rebooted my phone and still had this problem.
Comment 10 (Assignee) • 12 years ago
We've only ever seen this on the stage site and I can't find any problem with the HTML form. Perhaps one machine in the server cluster isn't set up for sessions right or something like that. At first we thought it was related to specific persona accounts but that may not be true.
Comment 11 • 12 years ago
Sessions are all cookie based now. If you have something you want to test specifically let's CC Jason; I'm just not sure what to ask him based on comment 10.
Comment 12 (Assignee) • 12 years ago
They aren't cookie based on webpay. They're still memcache in webpay, which I think is the reason why it's failing on stage (more nodes). Jason and I are looking at it.
Assignee: nobody → kumar.mcmillan
Priority: -- → P1
Target Milestone: --- → 2013-04-25
Comment 13 (Assignee) • 12 years ago
Thanks Jason! From IRC, this was the issue:
jason: for stage we have two memcached hosts
jason: one of the memcached nodes kept restarting the memcached service
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Comment 14 (Assignee) • 11 years ago
Cookie sessions (bug 871850) should prevent this from happening in the future.
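Added example (not webpay's code and not written by anyone in this thread): a small model of the failure described in comments 12 and 13 and of the cookie-session fix named in comment 14. It assumes the CSRF token is kept in the server-side session and that the cache client shards keys across nodes by hash; all class and function names, the signing key and the signed-cookie format are hypothetical stand-ins.

```python
import hashlib, hmac, secrets

SECRET = b"constructed-demo-key"  # constructed signing key for the cookie variant

class Node:
    """Stand-in for one memcached host: volatile, empty after a restart."""
    def __init__(self):
        self.data = {}
    def restart(self):
        self.data.clear()

class ShardedCache:
    """Client that picks a node by key hash (assumed sharding scheme)."""
    def __init__(self, nodes):
        self.nodes = nodes
    def node_for(self, key):
        h = int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")
        return self.nodes[h % len(self.nodes)]
    def set(self, key, value):
        self.node_for(key).data[key] = value
    def get(self, key):
        return self.node_for(key).data.get(key)

def start_cache_session(cache):
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    cache.set(sid, {"csrf": token})       # token lives only on one node
    return sid, token
def check_cache_csrf(cache, sid, submitted):
    session = cache.get(sid)              # None if that node restarted
    return session is not None and hmac.compare_digest(session["csrf"], submitted)

def sign(token):
    return hmac.new(SECRET, token.encode(), hashlib.sha256).hexdigest()
def start_cookie_session():
    token = secrets.token_hex(16)
    return f"{token}.{sign(token)}", token   # state travels with the client
def check_cookie_csrf(cookie, submitted):
    token, _, sig = cookie.partition(".")
    return hmac.compare_digest(sig, sign(token)) and hmac.compare_digest(token, submitted)

def simulate(users=200):
    nodes = [Node(), Node()]
    cache = ShardedCache(nodes)
    cached = [start_cache_session(cache) for _ in range(users)]
    cookies = [start_cookie_session() for _ in range(users)]
    on_flapping = len(nodes[1].data)      # sessions that hashed to the bad host
    nodes[1].restart()                    # the host whose memcached kept restarting
    cache_fail = sum(not check_cache_csrf(cache, s, t) for s, t in cached)
    cookie_fail = sum(not check_cookie_csrf(c, t) for c, t in cookies)
    return cache_fail, cookie_fail, on_flapping
```

In this model the CSRF rejections hit exactly the sessions stored on the restarted node, so the failure looks intermittent and user-specific, while the signed-cookie variant has no server-side state to lose.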