search

toddmath / firecookie

Automatically exported from code.google.com/p/firecookie
1 stars 0 forks source link

httpOnly cookies #23

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Create a cookie with htmlOnly parameter
2. Try to manipulate it in firecookie
3. Fails.

Original issue reported on code.google.com by m1tc...@gmail.com on 3 Oct 2008 at 3:19

GoogleCodeExporter commented 8 years ago 
I have created a new cookie (using the Create Cookie button on the toolbar), 
set the
HTTP Only flay, edit its value (using Edit item in context menu) and all seems 
to be
fine. Can you please provide more details about the problem?

What does it mean manipulate?
What does it mean Fails? If you see any error messages, where?
What should I exactly do (step by step) to reproduce it?

Thanks!
Honza

Original comment by odva...@gmail.com on 3 Oct 2008 at 3:33

GoogleCodeExporter commented 8 years ago 
Sure thing. 

I noticed the problem debugging a phpBB3 addon. If you look at the cookies here:
http://www.phpbb.com/community/

You will see some unrelated cookies and the phpbb cookies: phpbb3_1fh61_*

When you edit some of the unrelated cookies, they change as they should, however
attempt to edit phpbb3_1fh61_sid and nothing happens, the changes do not occur. 

I concluded this was because of Httponly, but it could be some other bug?

Keep up the good work,
Mitch

Original comment by m1tc...@gmail.com on 3 Oct 2008 at 4:07

GoogleCodeExporter commented 8 years ago 
Hm, I have edited the phpbb3_1fh61_sid (cookie value, expire time, the HTTPOnly 
flag)
and all seem to be fine. I see all my changes properly in the Cookies panel.

What version of FC do you use? There is a 0.7beta9 available at:
http://www.softwareishard.com/blog/firebug/firecookie-07-beta, which I just 
used for
testing....

What language-locale do you use?
What OS?
What version of Firefox?

Honza

Original comment by odva...@gmail.com on 3 Oct 2008 at 5:13

GoogleCodeExporter commented 8 years ago 
What version of Firebug?

Original comment by odva...@gmail.com on 3 Oct 2008 at 5:16

GoogleCodeExporter commented 8 years ago 
Thats odd, don't know what to say then. I am using:
XP SP2
Firefox 3.0.3
Firebug 1.2.1
Firecookie 0.06
FirePHP 0.1.1.2

Original comment by m1tc...@gmail.com on 4 Oct 2008 at 1:35

GoogleCodeExporter commented 8 years ago 
Can you try 0.7beta9 whether it works for you?
http://www.softwareishard.com/blog/firebug/firecookie-07-beta

It's beta, but pretty stable.

There is a lot of improvements and bug fixes. 
Honza

Original comment by odva...@gmail.com on 4 Oct 2008 at 7:13

GoogleCodeExporter commented 8 years ago 
Any progress on this?

Notice that version 0.7 is released on AMO:
https://addons.mozilla.org/en-US/firefox/addon/6683
Honza

Original comment by odva...@gmail.com on 15 Nov 2008 at 6:02

GoogleCodeExporter commented 8 years ago 
I worked out what the problem was. It wasn't related httpOnly, but i suppose you
could still call it bug. The problem was with my website and I have fixed it, 
however
I can still explain it.

Say you had these two cookies:
userid on the domain www.website.com
userid on the domain .website.com

They dont play nice, and i found deleting the .website.com cookie would remove 
the
www.website.com one from the list, and trying again on .website.com did nothing!
Nothing quite worked right, and firecookie had a hard time identifying what 
cookie I
am trying to manipulate.

If you are unable to reproduce the problem I can go get an archived version of 
my
website and show you the specific example, the problem occurred on any firefox 
i used.

Original comment by m1tc...@gmail.com on 15 Nov 2008 at 11:01

GoogleCodeExporter commented 8 years ago 
OK, I was finally able to reproduce the HTTPOnly problem.

Online test case here:
http://www.janodvarko.cz/firecookie/tests/issue23/issue23.php

Also I have reported the problem described in comment #8 as a new issue here:
http://code.google.com/p/firecookie/issues/detail?id=36

Original comment by odva...@gmail.com on 12 Mar 2009 at 12:08

GoogleCodeExporter commented 8 years ago 
Unit test:
http://code.google.com/p/firecookie/source/browse/trunk/chrome/content/firecooki
e/tests/issue23.js

Original comment by odva...@gmail.com on 24 Mar 2009 at 11:41

GoogleCodeExporter commented 8 years ago 
The issue should be fixed in new version:
http://www.softwareishard.com/firecookie/archive/firecookie-0.9b3.xpi

Please let me know if it doesn't work for you.

Thanks!
Honza

Original comment by odva...@gmail.com on 31 Jul 2009 at 10:57

GoogleCodeExporter commented 8 years ago

Original comment by odva...@gmail.com on 12 Jun 2010 at 10:09

GoogleCodeExporter commented 8 years ago 
Can't test it because the installer states it is not compatible with firefox 
9.0.1. I've an older version installed and works, albeit, the issue still 
arises. Waiting for an upgrade to 9.0.1...

Cheers,
LF

Original comment by kinda...@gmail.com on 13 Jan 2012 at 8:59