What might cause Firefox to fail to send some cookies for some requests?
Two of my co-workers are having intermittent issues trying to use a webapp I am a developer for. For some reason, Firefox is not sending a cookie (specifically, the JSESSIONID cookie) for some requests, which is causing them to get logged out unexpectedly (or in the most common case, preventing them from logging in at all). It is not happening all of the time, and only seems to be an issue for the JSESSIONID cookie and not other cookies.
They are not using Private Browsing Mode, they do not have any add-ons/extensions installed, and they have tried uninstalling and re-installing Firefox. It has not yet happened for anybody else using Firefox, and has not happened for anybody using other browsers (including the two who experienced the issue on Firefox).
Here are the headers (as captured by Firefox) for one series of requests...
Request (navigating to "http://host.com" for the first time [note: host.com is not the real hostname - it is not a publicly facing server]):
GET / HTTP/1.1
Host: host.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.5.10.1481318753; __utmt=1; __utmc=194058795
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Fri, 09 Dec 2016 21:31:41 GMT
If-None-Match: 9013021931481319101595
Response:
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2016 21:32:46 GMT
Set-Cookie: JSESSIONID=CA9F06B57E41CF67667A1199E03D0538; Path=/; HttpOnly
localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:32:46 GMT; Path=""; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=edge
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache, must-revalidate
Etag: 4997651961481319166140
Last-Modified: Fri, 09 Dec 2016 21:32:46 GMT
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Connection: close
Transfer-Encoding: chunked
Request (after putting in user/password and clicking Login):
POST /open/login HTTP/1.1
Host: host.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://host.com/
Cookie: localeid=en_US_default; _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; __utmc=194058795
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Response:
HTTP/1.1 302 Found
Date: Fri, 09 Dec 2016 21:33:58 GMT
Set-Cookie: JSESSIONID=34F982A0D1DE72B615B936144DBE9496; Path=/; HttpOnly
localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=edge
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache, must-revalidate
Etag: 20299669791481319238506
Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT
Pragma: no-cache
Location: http://host.com/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
Request (for the HTTP 302 redirect):
GET / HTTP/1.1
Host: host.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://host.com/
Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; JSESSIONID=34F982A0D1DE72B615B936144DBE9496
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Response:
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2016 21:33:58 GMT
Set-Cookie: localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=edge
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache, must-revalidate
Etag: 20299669791481319238594
Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Connection: close
Transfer-Encoding: chunked
As the headers show, the JSESSIONID cookie is not sent back to the server during the login request, but it is sent back during the request responding to the HTTP 302 redirect, even though it is being sent by the server the same way both times. Also, all of the other cookies set previously are sent by Firefox every time.
What might be causing this behavior, and how can I get it to stop?
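
An added example, not part of the original post: a small Python check that replays a header capture like the one above and flags, per request, any cookie the server previously set that the browser did not send back (or sent with an old value), plus any cookie name that appears more than once in a `Cookie` header. The names `audit` and `CAPTURE` are hypothetical, the sample values are constructed placeholders, and path scoping is simplified to a prefix match.

```python
from collections import Counter

def parse_cookie_header(value):
    """Return (name, value) pairs from a request Cookie header, in order."""
    parts = (p.strip().partition("=") for p in value.split(";"))
    return [(name, val) for name, sep, val in parts if sep]

def parse_set_cookie(value):
    """Return (name, value, path) for one Set-Cookie value; path may be None."""
    first, *attrs = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    path = None
    for attr in attrs:
        key, _, aval = attr.partition("=")
        if key.lower() == "path":
            path = aval.strip('"')
    return name, val, path

def audit(exchanges):
    """exchanges: ordered (path, cookie_header, [set_cookie_values]); returns (index, kind, name)."""
    jar, findings = {}, []  # jar: name -> (value, path) last set by the server
    for i, (req_path, cookie_header, set_cookies) in enumerate(exchanges):
        sent = parse_cookie_header(cookie_header)
        for name, count in Counter(n for n, _ in sent).items():
            if count > 1:
                findings.append((i, "duplicate", name))
        for name, (val, path) in jar.items():
            # Simplified scope check: an empty or absent Path is treated as in scope.
            if path and not req_path.startswith(path):
                continue
            values = {v for n, v in sent if n == name}
            if not values:
                findings.append((i, "missing", name))
            elif val not in values:
                findings.append((i, "stale", name))
        for value in set_cookies:
            name, val, path = parse_set_cookie(value)
            jar[name] = (val, path)
    return findings

# Constructed capture modelled on the three exchanges above (placeholder values).
LOCALE = 'localeid=en_US_default; Path=""; HttpOnly'
CAPTURE = [
    ("/", "localeid=en_US_default", ["JSESSIONID=AAAA; Path=/; HttpOnly", LOCALE]),
    ("/open/login", "localeid=en_US_default; localeid=en_US_default",
     ["JSESSIONID=BBBB; Path=/; HttpOnly", LOCALE]),
    ("/", "localeid=en_US_default; JSESSIONID=BBBB", [LOCALE]),
]
print(audit(CAPTURE))
```

Feeding it the real sequence of requests and responses (for example from an exported network log) shows exactly which request first drops the session cookie.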