No portnumber in cookie management in NS 7.1 causes problems

Firefox, Thunderbird, SeaMonkey, Camino, Mozilla, Netscape 6/7/8/9, and all Gecko-based browsers discussion and support forum. (MozInfo701, Netscape Browser Archive)

No portnumber in cookie management in NS 7.1 causes problems

Postby skodvavi » Mon 16 Aug, 2004 8:27 pm

I have two web server installs on the same host, listening to HTTP request on different ports. Both have the same app deployed on them. The app uses form based authentication to login. I startup the two servers, access the app on server1 from NS7.1, and it sets a JSESSIONID cookie, with hostname (without port number). Next, I access the app on server2, it overwrites the previous JSESSIONID because hostname in the URL is same, though port number is not. Now when I access the app on server1, the browser sends back the wrong JSESSIONID, and thus I have to login again. Next access to app on server2, I have to login again -and so on. Is there a solution to this problem. I dont see this problem in NS 7.0, because that browser stores both hostname and portnumber, when storing the cookie.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
skodvavi
new member
new member
 
Posts: 2
Joined: Mon 16 Aug, 2004 7:54 pm

Postby Fulvio » Mon 16 Aug, 2004 11:31 pm

I don't have 7.0, but 1.7.2 has a Send for line, which is in every case, for every type of connection in Mozilla1.7.2 (presumed cousin to the who know when will be born 7.2. I am not sure if this is the place, but I can understand the frustration, with dial-up (I have cable).
UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; BCD2000; .NET CLR 1.1.4322)
A minority may be right, and a majority is always wrong.
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.30, FF33, TB31.2, IE8.0 Ghostwall , Avast2014 Pro, also Toshiba Satellite laptop, 4GB, Win 8.1, IE11, Google Chrome 38
User avatar
Fulvio
Moderator
Moderator
 
Posts: 12099
Joined: Wed 19 Jun, 2002 10:08 am

it's intentional

Postby akbash » Tue 17 Aug, 2004 12:43 pm

skodvavi: The problem you describe has been reported to the Mozilla folks. (They develop the basic browser which AOL marketing occasionally modifies to make what they call "Netscape.") See for example bug 189784: cookies do not recognize port number and bug 227475: add port the cookie was received from. Fixing these bugs would require breaking bug 142803: Port is being stored as part of cookie domain.

Historically Mozilla/Netscape has flipflopped on whether cookies should be distinguished by port. Currently the browser does not, because of bug 142803. Sadly, the published cookie behaviour spec is open to some interpretation and even some points that are fairly clear are not followed precisely because websites exist which assume slightly off-spec behaviour implemented by slightly off-spec browsers. In my experience none of the browsers behave precisely the same at the fuzzy limits of the spec. The current feeling is that cookies should not be distinguished by port. This is nicely summarized in bug 142803 comment 28.

I believe that Mozilla discards all port information when storing cookies. Now, ha, my interpretation of the spec (RFC 2965) is that this is only mostly correct. And they say language was a useful invention. You can of course add comments to these bugs, hoping for a change. But please do so only if you know whereof you speak, and keep in mind that at least two bugs requesting a return of the older port-specific behaviour have been rejected.

Possible workaround: if these servers are located on a private LAN you could consider adding another DNS entry for the same host, to be used when accessing the other port number...
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a3) Gecko/20040811 Firefox/0.9.1+
akbash
silver member
silver member
 
Posts: 364
Joined: Mon 09 Feb, 2004 9:13 pm

is IE cookie management port aware?

Postby skodvavi » Wed 18 Aug, 2004 7:29 pm

Thanks, abkash for the detailed reply. My application works quite well with IE - so IE cookie management must be port aware. Comments in bug 142083 that you pointed to, mention that IE cookie management is unaware of ports. I dont quite get it. Infact, IE cookies being port agnostic has been listed as one of the reasons why Mozilla cookies have been made that way.
UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
skodvavi
new member
new member
 
Posts: 2
Joined: Mon 16 Aug, 2004 7:54 pm


Return to Firefox, SeaMonkey and Netscape

Who is online

Registered users: Bing [Bot], Exabot [Bot], Google [Bot], Yahoo [Bot]