www.edd.ca.gov - Incorrect redirect after sign in

[jaymzh]

URL: https://www.edd.ca.gov/Disability/How_to_File_a_DI_Claim_in_SDI_Online.htm

Browser / Version: Firefox 87.0 Operating System: Linux Tested Another Browser: Yes Chrome

Problem type: Something else Description: login results in 404, only on firefox Steps to Reproduce: This is one of those bugs that I find hard to believe is the browser's fault, but alas, it only happens in Firefox.

If I log into EDD on Firefox, when I enter my password, the submission goes to https://portal.edd.ca.gov/oam/server/auth_cred_submit which is a 404 so I'm never actually logged in.

However, in chrome, when I submit my password I get sent to https://portal.edd.ca.gov/WebApp/Home?end_url=https%3A%2F%2Fportal.edd.ca.gov%2FWebApp%2FHome

and am logged in.

BTW I believe anyone can register for an account on CA EDD, so others should be able to repro even if you have no reason to sign up for any benefits.

Browser Configuration

• None

From webcompat.com with ❤️

[softvision-oana-arbuzov]

Thanks for the report, I was able to sign in successfully into my account from main page.

If I navigate to the provided URL and sign in, on Firefox is shows page not found, but on Chrome is shows the page and displays that I'm signed in.

Tested with: Browser / Version: Firefox Nightly 90.0a1 (2021-04-25) Operating System: Ubuntu 20.04.2

Moving to Needsdiagnosis for further investigation.

[jaymzh]

Not sure what you mean by main page. If I go to edd.ca.gov and click "Benefits Login", type in my email, click submit, type in my password, click submit, I get the 404.

Similarly if I go to https://www.edd.ca.gov/Disability/How_to_File_a_DI_Claim_in_SDI_Online.htm Click "Login" Type in email, click submit. Type in password, click submit. See 404.

[karlcow]

After login I'm redirected to the right page

The second login is failing.

The page you requested cannot be found. If your link was once valid, the information you are looking for has most likely moved.

I clicked on the button and I'm being brough to https://portal.edd.ca.gov/WebApp/Home

Interesting it seems to loose the login information. The post returns a 404

POST /oam/server/auth_cred_submit HTTP/1.1
Host: portal.edd.ca.gov
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en,en-US;q=0.8,fr;q=0.5,fr-FR;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 105
Origin: https://portal.edd.ca.gov
Connection: keep-alive
Referer: https://portal.edd.ca.gov/WebApp/Login
Cookie: __ removed information __
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

[karlcow]

This is user agent sniffing, because if I fake the UA to be chrome, the server sends the right information.

[webcompat-bot]

Generate outreach template

[karlcow]

@jaymzh it would be cool to contact them about the issues in Firefox.

[jaymzh]

@karlcow are you asking if you can reach out to them, or asking me to reach out to them?

[karlcow]

@jaymzh You reaching out to them, you could point to this bug. That would be great.

[jaymzh]

@karlcow what's the best way to do that? The whois contact is hidden, and I don't see any contact info on EDD that isn't, well, about EDD itself, and I don't expect those people will know what to do with that information.

They have a "helpful" techhelp page heh but it doesn't provide anyway to send a bug.

[karlcow]

Right in the footer there is Contact EDD, but indeed doesn't give a lot of ways to contact them. https://www.edd.ca.gov/about_edd/contact_edd.htm

https://twitter.com/CA_EDD They do not reply interact with people there. Probably a bot.

But here https://edd.ca.gov/Disability/VP_Online_Services.htm Some possibilities.

There is also inf@edd.ca.gov

ah on https://www.ca.gov/Help/

Problems with this Site If you find an error with the ca.gov website, please contact our webmaster. For issues with EDD.ca.gov, DMV.ca.gov, etc. please contact the specific department.

you could argue that EDD.ca.gov doesn't provide a way to report issues, hence info.eservices@state.ca.gov

[karlcow]

Oh and https://github.com/orgs/cagov/people This should help too. @aaronhans Do you know who we should contact for the CA EDD department?

[jaymzh]

I sent a modified version of the above template to info.eservices@state.ca.gov (the template is designed for a Mozilla engineer to send, so I cut all that up)

[aaronhans]

Thanks @karlcow! Really appreciate the community identifying issues like this. I am sharing this with team members who can help get it in front of people who can help.

[jaymzh]

Ugh, info.eservices wrote back and said:

California Department of EDD 
Claim assistance below.

https://edd.ca.gov/claims.htm 

Thanks for the form letter. :roll_eyes:

• Phil

[karlcow]

Let's hope aaron will help us to have a better outcome.

[jaymzh]

Hey @aaronhans - any update. I just hit this again.

[daguar]

Hi! Thanks for identifying this and thanks @aaronhans for passing it on. I have elevated the issue to the organization.

[daguar]

Hello! Thanks for reporting this! Having some trouble replicating this. @jaymzh @karlcow Is it possible to try again and see if it is consistently occurring still, and if so any additional information that might assist in running this down.

[jaymzh]

I also can no longer repro, it seems to work in Firefox! Thanks to whoever fixed it!

[daguar]

@jaymzh So glad to hear it! Many hard working public servants at the State of California are to thank. Have a great day!

[jaymzh]

@daguar - this bug is back. :(

[daguar]

@jaymzh Could you provide any more details on replicating consistently? That was a challenge (though maybe because it was resolved back when replication was first attempted!)

[jaymzh]

@daguar everytime I log in from firefox, I get a Page not found / 404. If I switch my useragent to Chrome, then I get the menu as expected.

Was gonna do it again and provide screenshots, but EDD seems to having bigger issues right now, I'm getting:

Access Denied
You don't have permission to access "http://portal.edd.ca.gov/WebApp/Login?" on this server.

Reference #18.1dfe19b8.1626311887.9f85d02 

[jaymzh]

Ugh. I just logged in and out 3 times, and got the bug once, and it worked twice.

Perhaps there's a bad machine behind a load balancer with old code?

And then a 4th and got that "Access Denied" above.

My gut says stale containers/machines/something are sticking around, but I don't know their infra, so hard to say.