I have an account on this site. Using other browsers I am able to log in here, but using webkit I can't login with the same name/pw. (You can sign up for a free account on the site for testing.)
Created an account webkit-test, pass webkit. Confirming the problem, upping to P1 Major, since this is a major site. I'd like to know if other Lycos mail sites are affected as well. Testing with Safari after this to see if this is actually a regression.
Tested, this is NOT a regression. Probleem needs reduction, adding keyword.
This may be a duplicate of Bug 3512.
I see a difference with Bug 3512. As far as I know logging in at http://mail.lycos.nl has never worked in Safari. (3512 says that issue was a new one and did work in earlier versions.)
Whatever the cause, this still needs reduction :)
This is a duplicate of Bug 3512 (explanation below). However, I would suggest filing a Radar bug anyway and referencing <rdar://problem/4110617>, this Bugzilla bug, and Bug 3512 in the report since it's a different web site than the original report. (I suspect Apple will fix this in fairly short order since it could affect MANY different web sites, but that's pure speculation on my part.) If you're an ADC member, use: https://bugreport.apple.com/ If you're not an ADC member, use: http://developer.apple.com/bugreporter/bugrptform.html Below is the analysis. First, Safari submits an HTTP POST request to secure.mail.lycos.nl with the username and password to log in: POST /lsu/signin/action.jsp HTTP/1.1 Accept: */* Accept-Language: en Accept-Encoding: gzip, deflate Cookie: SECFREESESSIONID=kIZ7FQA7YFzb Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Safari/417.8 Content-Type: application/x-www-form-urlencoded Content-Length: 82 Connection: keep-alive Host: secure.mail.lycos.nl login=webkit-test&hiddenlogin=Gebruikersnaam&hiddenpassword=******&password=webkit Next the secure.mail.lycos.nl server returns a 302 redirect response along with 8 cookies to be set on the ".lycos.nl" domain: HTTP/1.1 302 Found Date: Wed, 25 Jan 2006 13:00:48 GMT Server: Apache/1.3.33 (Unix) Resin/2.1.12 mod_gzip/1.3.26.1a mod_ssl/2.8.22 OpenSSL/0.9.6c Cache-Control: max-age=86400 Expires: Thu, 26 Jan 2006 13:00:48 GMT Cache-Control: private Location: http://f012.mail.lycos.nl Content-Length: 63 Set-Cookie: lsua=d2Via2l0LXRlc3Q6V2Via2l0OlRlc3RlcjpubA%3D%3D; domain=.lycos.nl; path=/; expires=Mon, 24-Apr-2006 23:59:59 GMT Set-Cookie: lsub=5dcd6f09d1d6b1b05ab7cadad396272c1ef188bbdbcdaadcaed0389e01d34a9e0660a989db932ec7bb4575c1167b83e4b011ffcc86c2ea24dd22215333d32bc98134e91998074727e1db497bba646574e5a6; domain=.lycos.nl; path=/lsu/ Set-Cookie: lsud=26575a26f51f07ddfb2e0c86e4457b20%3A1138194048; domain=.lycos.nl; path=/ Set-Cookie: LBC=92c164b4b2f704d4d9f0d03d14d79ad; domain=.lycos.nl; path=/ Set-Cookie: SERVERS=f012.mail.lycos.nl#; domain=.lycos.nl; path=/ Set-Cookie: IDENTIFIANT=YRWYYSLTMQWLLZLZWSUTLKVNZXMWTMPZKLOVRLSTXXUVTPQOXUWRQTRYNNLVNLXZMXNXXXYNWNYVOVKY; domain=.lycos.nl; path=/ Set-Cookie: AUTH=26575a26f51f07ddfb2e0c86e4457b20; domain=.lycos.nl; path=/ Set-Cookie: ADPROFILE=01970000000000000000000000000FR00000; domain=.lycos.nl; path=/ Connection: close Content-Type: text/html The URL has moved <a href="http://f012.mail.lycos.nl">here</a> Safari then follows the 302 redirect, but fails to send ANY cookies to f012.mail.lycos.nl when I should have sent 7 of them (one had a path of "/lsu/" and should not have been sent): GET / HTTP/1.1 Accept: */* Accept-Language: en Accept-Encoding: gzip, deflate Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Safari/417.8 Connection: keep-alive Host: f012.mail.lycos.nl Firefox 1.5, on the other hand, sends the appropriate 7 cookies with its request at this stage: GET / HTTP/1.1 Host: f012.mail.lycos.nl User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp Cookie: ADPROFILE=01970000000000000000000000000FR00000; lsua=d2Via2l0LXRlc3Q6V2Via2l0OlRlc3RlcjpubA%3D%3D; lsud=c4e4775f9f942ea81d748957c62cc623%3A1138194141; LBC=52115396c45258005d8ee3902b17277; SERVERS=f012.mail.lycos.nl#; IDENTIFIANT=YRWYYSLTMQWLLZLZWSUTLKVNZXMWTMPZKLOVRLSTXXUVTPQOXUWRQTRYNNLVNLXZMXNXXXYNWNYVOVKY; AUTH=c4e4775f9f942ea81d748957c62cc623 Thus, this bug is a duplicate of Bug 3512. (In fact, if you look at the two web sites, they must be using the same webmail software since they're laid out similarly and use very similar URLs.) *** This bug has been marked as a duplicate of 3512 ***
Apple: <rdar://problem/4431359>
Added back keywords that were removed.
*sigh* This never had the Regression keyword.