Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

Learn More

话题已存档。 如果需要帮助请提出新问题。

What might cause firefox to fail to send some cookies for some requests?

  • 无回复
  • 1 人有此问题
  • 3 次查看
illandril
illandril
more options

Two of my co-workers is having intermittent issues trying to use a webapp I am a developer for. For some reason, Firefox is not sending a cookie (specifically, the JSESSIONID cookie) for some requests, which is causing them to get logged out unexpectedly (or in the most common case, preventing him from logging in at all). It is not happening all of the time, and only seems to be an issue for the JSESSIONID cookie and not other cookies.

They are not using Private Browsing Mode, they do not have any add-ons/extensions installed, and they have tried uninstalling and re-installing Firefox. It has not yet happened for anybody else using Firefox, and has not happened for anybody using other browsers (including the two who experienced the issue on Firefox).


Here are the headers (as captured by Firefox) for one series of requests...

Request (navigating to "http://host.com" for the first time [note: host.com is not the real hostname - it is not a publicly facing server]): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.5.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1 If-Modified-Since: Fri, 09 Dec 2016 21:31:41 GMT If-None-Match: 9013021931481319101595

Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:32:46 GMT Set-Cookie: JSESSIONID=CA9F06B57E41CF67667A1199E03D0538; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:32:46 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 4997651961481319166140 Last-Modified: Fri, 09 Dec 2016 21:32:46 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked


Request (after putting in user/password and clicking Login): POST /open/login HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: localeid=en_US_default; _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1

Response: HTTP/1.1 302 Found Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: JSESSIONID=34F982A0D1DE72B615B936144DBE9496; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238506 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Location: http://host.com/ Content-Length: 0 Connection: close Content-Type: text/plain; charset=UTF-8

Request (for the HTTP 302 redirect): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; JSESSIONID=34F982A0D1DE72B615B936144DBE9496 Connection: keep-alive Upgrade-Insecure-Requests: 1

Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238594 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked


As the headers show, the JSESSIONID cookie not sent back to the server during the login request, but it is sent back during the request responding to the HTTP 302 redirect, even though it is being sent by the server the same way both times. Also, all of the other cookies set previously are sent by Firefox every time.

What might be causing this behavior, and how can I get it to stop?

Two of my co-workers is having intermittent issues trying to use a webapp I am a developer for. For some reason, Firefox is not sending a cookie (specifically, the JSESSIONID cookie) for some requests, which is causing them to get logged out unexpectedly (or in the most common case, preventing him from logging in at all). It is not happening all of the time, and only seems to be an issue for the JSESSIONID cookie and not other cookies. They are not using Private Browsing Mode, they do not have any add-ons/extensions installed, and they have tried uninstalling and re-installing Firefox. It has not yet happened for anybody else using Firefox, and has not happened for anybody using other browsers (including the two who experienced the issue on Firefox). Here are the headers (as captured by Firefox) for one series of requests... Request (navigating to "http://host.com" for the first time [note: host.com is not the real hostname - it is not a publicly facing server]): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.5.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1 If-Modified-Since: Fri, 09 Dec 2016 21:31:41 GMT If-None-Match: 9013021931481319101595 Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:32:46 GMT Set-Cookie: JSESSIONID=CA9F06B57E41CF67667A1199E03D0538; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:32:46 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 4997651961481319166140 Last-Modified: Fri, 09 Dec 2016 21:32:46 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked Request (after putting in user/password and clicking Login): POST /open/login HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: localeid=en_US_default; _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1 Response: HTTP/1.1 302 Found Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: JSESSIONID=34F982A0D1DE72B615B936144DBE9496; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238506 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Location: http://host.com/ Content-Length: 0 Connection: close Content-Type: text/plain; charset=UTF-8 Request (for the HTTP 302 redirect): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; JSESSIONID=34F982A0D1DE72B615B936144DBE9496 Connection: keep-alive Upgrade-Insecure-Requests: 1 Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238594 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked As the headers show, the JSESSIONID cookie not sent back to the server during the login request, but it is sent back during the request responding to the HTTP 302 redirect, even though it is being sent by the server the same way both times. Also, all of the other cookies set previously are sent by Firefox every time. What might be causing this behavior, and how can I get it to stop?