Bug 12872 - Session problems logging in to www.190.it (vodafone)
Summary: Session problems logging in to www.190.it (vodafone)
Status: RESOLVED DUPLICATE of bug 3512
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 523.x (Safari 3)
Hardware: Mac (Intel) OS X 10.4
: P2 Normal
Assignee: Nobody
URL: http://www.190.it
Keywords:
Depends on:
Blocks:
 
Reported: 2007-02-23 11:32 PST by Dario Meloni
Modified: 2007-02-26 12:53 PST (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dario Meloni 2007-02-23 11:32:36 PST
After loggin in this national vodafone website i can login as usual but as I try to take any action the next page is a session error message stating that i am not authenticated. I have already tried with the nightly build.
Comment 1 David Kilzer (:ddkilzer) 2007-02-25 09:53:46 PST
See also Bug 7738 and Bug 9893 and Bug 11868.


*** This bug has been marked as a duplicate of 3512 ***
Comment 2 Dario Meloni 2007-02-25 23:05:17 PST
I don't think this is a duplicate. This website never worked.
Comment 3 David Kilzer (:ddkilzer) 2007-02-26 05:40:57 PST
(In reply to comment #2)
> I don't think this is a duplicate. This website never worked.

Bug 3512 says the site worked under Panther (Mac OS X 10.3.x).  Did you try logging in with Safari on Panther, or just Tiger (10.4.x)?

After logging in using both Safari and Firefox, review the cookies set for the '.190.it' domain.  You'll notice that Safari has fewer cookies set than Firefox, which is why the site doesn't think you're authenticated.  That's the bug, and that's why this is a duplicate of Bug 3512.
Comment 4 Dario Meloni 2007-02-26 07:01:32 PST
It never worked, from when safari has ever been distributed.

I don't like to be problematic.. but here safari has one cookie more then firefox... (tested clearing all the cookies).
Safari has a cookie (named CAuthCookie), which there is not in firefox (just after the login).
Comment 5 David Kilzer (:ddkilzer) 2007-02-26 07:18:58 PST
(In reply to comment #4)
> It never worked, from when safari has ever been distributed.

That's good to know.

> I don't like to be problematic.. but here safari has one cookie more then
> firefox... (tested clearing all the cookies).
> Safari has a cookie (named CAuthCookie), which there is not in firefox (just
> after the login).

Are the cookies in the two browsers (more-or-less) identical except for the CAuthCookie?

Are there any cookies with a domain that starts with a period (like ".190.it" or ".www.190.it")?

If you delete the CAuthCookie in Safari after clearing all cookies and logging in successfully, does the site start working in Safari?

If you try to go one more page (after clearing all cookies and logging in), do the cookies in Safari and Firefox still match (with the exception of CAuthCookie)?

Thanks for following up on this, Dario.  Without being able to test it myself, it's certainly possible that Bug 3512 may not be a duplicate.

BTW, if you're an ADC member, it would be most helpful to test logging in with a recent Leopard build as I believe Bug 3512 has been fixed there already.

Comment 6 Dario Meloni 2007-02-26 07:45:11 PST
> Are the cookies in the two browsers (more-or-less) identical except for the
> CAuthCookie?

Identical.

> Are there any cookies with a domain that starts with a period (like ".190.it"
> or ".www.190.it")?

there is (in safari) e www.190.it cookie which in firefox is under the 190.it group.
But i have found CAuthCookie even in firefox (under .vodafone.it as safari does). They have the same cookies with (about) the same content.

> If you delete the CAuthCookie in Safari after clearing all cookies and logging
> in successfully, does the site start working in Safari?

it logs in but it still doesn't work

> If you try to go one more page (after clearing all cookies and logging in), do
> the cookies in Safari and Firefox still match (with the exception of
> CAuthCookie)?

They match. In safari i have noticed that a cookie (called JSESSIONID) is modified when trying to perform an action.

> Thanks for following up on this, Dario.  Without being able to test it myself,
> it's certainly possible that Bug 3512 may not be a duplicate.
> 
> BTW, if you're an ADC member, it would be most helpful to test logging in with
> a recent Leopard build as I believe Bug 3512 has been fixed there already.

I have tried in leopard and it works
Comment 7 David Kilzer (:ddkilzer) 2007-02-26 12:53:43 PST
(In reply to comment #6)
> there is (in safari) e www.190.it cookie which in firefox is under the 190.it
> group.
> But i have found CAuthCookie even in firefox (under .vodafone.it as safari
> does). They have the same cookies with (about) the same content.

The bug is that Safari (via the Foundation classes) does not send cookies with a domain of ".foo.bar" when a web site named "baz.foo.bar" is accessed (where "baz" is any legal hostname).  The cookies get set, but they don't get sent out with future requests.  (If you read far enough through the comments in Bug 3512 you'll see this conclusion is reached there, too.)

> I have tried in leopard and it works

If you try the test account for the webmail site in Bug 3512, you'll see that it works in Leopard as well.

I'm positive this bug is a duplicate of Bug 3512.  It's unfortunate that the Foundation bug fix has not been ported back to Tiger (10.4.x), though.



*** This bug has been marked as a duplicate of 3512 ***