RESOLVED DUPLICATE of bug 3512 Bug 6728
Unable to login into mail.lycos.nl 
https://bugs.webkit.org/show_bug.cgi?id=6728
Summary Unable to login into mail.lycos.nl
Ruben Smits
Reported 2006-01-23 04:44:05 PST
I have an account on this site. Using other browsers I am able to log in here, but using webkit I can't login with the same name/pw. (You can sign up for a free account on the site for testing.)
Attachments
Add attachment proposed patch, testcase, etc.
Joost de Valk (AlthA)
Comment 1 2006-01-23 05:09:57 PST
Created an account webkit-test, pass webkit. Confirming the problem, upping to P1 Major, since this is a major site. I'd like to know if other Lycos mail sites are affected as well. Testing with Safari after this to see if this is actually a regression.
Joost de Valk (AlthA)
Comment 2 2006-01-23 05:14:45 PST
Tested, this is NOT a regression. Probleem needs reduction, adding keyword.
David Kilzer (:ddkilzer)
Comment 3 2006-01-24 10:55:11 PST
This may be a duplicate of Bug 3512.
Ruben Smits
Comment 4 2006-01-24 12:06:12 PST
I see a difference with Bug 3512. As far as I know logging in at http://mail.lycos.nl has never worked in Safari. (3512 says that issue was a new one and did work in earlier versions.)
Joost de Valk (AlthA)
Comment 5 2006-01-25 00:38:55 PST
Whatever the cause, this still needs reduction :)
David Kilzer (:ddkilzer)
Comment 6 2006-01-25 06:26:57 PST
This is a duplicate of Bug 3512 (explanation below). However, I would suggest filing a Radar bug anyway and referencing <rdar://problem/4110617>, this Bugzilla bug, and Bug 3512 in the report since it's a different web site than the original report. (I suspect Apple will fix this in fairly short order since it could affect MANY different web sites, but that's pure speculation on my part.) If you're an ADC member, use: https://bugreport.apple.com/ If you're not an ADC member, use: http://developer.apple.com/bugreporter/bugrptform.html Below is the analysis. First, Safari submits an HTTP POST request to secure.mail.lycos.nl with the username and password to log in: POST /lsu/signin/action.jsp HTTP/1.1 Accept: */* Accept-Language: en Accept-Encoding: gzip, deflate Cookie: SECFREESESSIONID=kIZ7FQA7YFzb Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Safari/417.8 Content-Type: application/x-www-form-urlencoded Content-Length: 82 Connection: keep-alive Host: secure.mail.lycos.nl login=webkit-test&hiddenlogin=Gebruikersnaam&hiddenpassword=******&password=webkit Next the secure.mail.lycos.nl server returns a 302 redirect response along with 8 cookies to be set on the ".lycos.nl" domain: HTTP/1.1 302 Found Date: Wed, 25 Jan 2006 13:00:48 GMT Server: Apache/1.3.33 (Unix) Resin/2.1.12 mod_gzip/1.3.26.1a mod_ssl/2.8.22 OpenSSL/0.9.6c Cache-Control: max-age=86400 Expires: Thu, 26 Jan 2006 13:00:48 GMT Cache-Control: private Location: http://f012.mail.lycos.nl Content-Length: 63 Set-Cookie: lsua=d2Via2l0LXRlc3Q6V2Via2l0OlRlc3RlcjpubA%3D%3D; domain=.lycos.nl; path=/; expires=Mon, 24-Apr-2006 23:59:59 GMT Set-Cookie: lsub=5dcd6f09d1d6b1b05ab7cadad396272c1ef188bbdbcdaadcaed0389e01d34a9e0660a989db932ec7bb4575c1167b83e4b011ffcc86c2ea24dd22215333d32bc98134e91998074727e1db497bba646574e5a6; domain=.lycos.nl; path=/lsu/ Set-Cookie: lsud=26575a26f51f07ddfb2e0c86e4457b20%3A1138194048; domain=.lycos.nl; path=/ Set-Cookie: LBC=92c164b4b2f704d4d9f0d03d14d79ad; domain=.lycos.nl; path=/ Set-Cookie: SERVERS=f012.mail.lycos.nl#; domain=.lycos.nl; path=/ Set-Cookie: IDENTIFIANT=YRWYYSLTMQWLLZLZWSUTLKVNZXMWTMPZKLOVRLSTXXUVTPQOXUWRQTRYNNLVNLXZMXNXXXYNWNYVOVKY; domain=.lycos.nl; path=/ Set-Cookie: AUTH=26575a26f51f07ddfb2e0c86e4457b20; domain=.lycos.nl; path=/ Set-Cookie: ADPROFILE=01970000000000000000000000000FR00000; domain=.lycos.nl; path=/ Connection: close Content-Type: text/html The URL has moved <a href="http://f012.mail.lycos.nl">here</a> Safari then follows the 302 redirect, but fails to send ANY cookies to f012.mail.lycos.nl when I should have sent 7 of them (one had a path of "/lsu/" and should not have been sent): GET / HTTP/1.1 Accept: */* Accept-Language: en Accept-Encoding: gzip, deflate Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Safari/417.8 Connection: keep-alive Host: f012.mail.lycos.nl Firefox 1.5, on the other hand, sends the appropriate 7 cookies with its request at this stage: GET / HTTP/1.1 Host: f012.mail.lycos.nl User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8) Gecko/20051111 Firefox/1.5 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp Cookie: ADPROFILE=01970000000000000000000000000FR00000; lsua=d2Via2l0LXRlc3Q6V2Via2l0OlRlc3RlcjpubA%3D%3D; lsud=c4e4775f9f942ea81d748957c62cc623%3A1138194141; LBC=52115396c45258005d8ee3902b17277; SERVERS=f012.mail.lycos.nl#; IDENTIFIANT=YRWYYSLTMQWLLZLZWSUTLKVNZXMWTMPZKLOVRLSTXXUVTPQOXUWRQTRYNNLVNLXZMXNXXXYNWNYVOVKY; AUTH=c4e4775f9f942ea81d748957c62cc623 Thus, this bug is a duplicate of Bug 3512. (In fact, if you look at the two web sites, they must be using the same webmail software since they're laid out similarly and use very similar URLs.) *** This bug has been marked as a duplicate of 3512 ***
Ruben Smits
Comment 7 2006-02-03 12:52:45 PST
Apple: <rdar://problem/4431359>
David Kilzer (:ddkilzer)
Comment 8 2006-02-03 13:15:39 PST
Added back keywords that were removed.
David Kilzer (:ddkilzer)
Comment 9 2006-02-03 13:18:06 PST
*sigh* This never had the Regression keyword.
Note You need to log in before you can comment on or make changes to this bug.