Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

What might cause firefox to fail to send some cookies for some requests?

  • Akukho zimpendulo
  • 1 inale nkinga
  • 2 views
illandril
illandril
more options

Two of my co-workers is having intermittent issues trying to use a webapp I am a developer for. For some reason, Firefox is not sending a cookie (specifically, the JSESSIONID cookie) for some requests, which is causing them to get logged out unexpectedly (or in the most common case, preventing him from logging in at all). It is not happening all of the time, and only seems to be an issue for the JSESSIONID cookie and not other cookies.

They are not using Private Browsing Mode, they do not have any add-ons/extensions installed, and they have tried uninstalling and re-installing Firefox. It has not yet happened for anybody else using Firefox, and has not happened for anybody using other browsers (including the two who experienced the issue on Firefox).


Here are the headers (as captured by Firefox) for one series of requests...

Request (navigating to "http://host.com" for the first time [note: host.com is not the real hostname - it is not a publicly facing server]): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.5.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1 If-Modified-Since: Fri, 09 Dec 2016 21:31:41 GMT If-None-Match: 9013021931481319101595

Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:32:46 GMT Set-Cookie: JSESSIONID=CA9F06B57E41CF67667A1199E03D0538; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:32:46 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 4997651961481319166140 Last-Modified: Fri, 09 Dec 2016 21:32:46 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked


Request (after putting in user/password and clicking Login): POST /open/login HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: localeid=en_US_default; _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1

Response: HTTP/1.1 302 Found Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: JSESSIONID=34F982A0D1DE72B615B936144DBE9496; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238506 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Location: http://host.com/ Content-Length: 0 Connection: close Content-Type: text/plain; charset=UTF-8

Request (for the HTTP 302 redirect): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; JSESSIONID=34F982A0D1DE72B615B936144DBE9496 Connection: keep-alive Upgrade-Insecure-Requests: 1

Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238594 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked


As the headers show, the JSESSIONID cookie not sent back to the server during the login request, but it is sent back during the request responding to the HTTP 302 redirect, even though it is being sent by the server the same way both times. Also, all of the other cookies set previously are sent by Firefox every time.

What might be causing this behavior, and how can I get it to stop?

Two of my co-workers is having intermittent issues trying to use a webapp I am a developer for. For some reason, Firefox is not sending a cookie (specifically, the JSESSIONID cookie) for some requests, which is causing them to get logged out unexpectedly (or in the most common case, preventing him from logging in at all). It is not happening all of the time, and only seems to be an issue for the JSESSIONID cookie and not other cookies. They are not using Private Browsing Mode, they do not have any add-ons/extensions installed, and they have tried uninstalling and re-installing Firefox. It has not yet happened for anybody else using Firefox, and has not happened for anybody using other browsers (including the two who experienced the issue on Firefox). Here are the headers (as captured by Firefox) for one series of requests... Request (navigating to "http://host.com" for the first time [note: host.com is not the real hostname - it is not a publicly facing server]): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.5.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1 If-Modified-Since: Fri, 09 Dec 2016 21:31:41 GMT If-None-Match: 9013021931481319101595 Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:32:46 GMT Set-Cookie: JSESSIONID=CA9F06B57E41CF67667A1199E03D0538; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:32:46 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 4997651961481319166140 Last-Modified: Fri, 09 Dec 2016 21:32:46 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked Request (after putting in user/password and clicking Login): POST /open/login HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: localeid=en_US_default; _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; __utmc=194058795 Connection: keep-alive Upgrade-Insecure-Requests: 1 Response: HTTP/1.1 302 Found Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: JSESSIONID=34F982A0D1DE72B615B936144DBE9496; Path=/; HttpOnly localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238506 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Location: http://host.com/ Content-Length: 0 Connection: close Content-Type: text/plain; charset=UTF-8 Request (for the HTTP 302 redirect): GET / HTTP/1.1 Host: host.com User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://host.com/ Cookie: _ga=GA1.2.1318739704.1446480261; phpbb3_mfdaw_u=63; phpbb3_mfdaw_k=faa515d76ea28b59; phpbb3_mfdaw_sid=2e5d8dc7199c6f814890cae5ec38dd7e; __utma=194058795.1318739704.1446480261.1480958228.1481318753.17; __utmz=194058795.1476391703.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); localeid=en_US_default; __utmb=194058795.6.10.1481318753; __utmt=1; JSESSIONID=34F982A0D1DE72B615B936144DBE9496 Connection: keep-alive Upgrade-Insecure-Requests: 1 Response: HTTP/1.1 200 OK Date: Fri, 09 Dec 2016 21:33:58 GMT Set-Cookie: localeid=en_US_default; Expires=Fri, 08-Dec-2023 21:33:58 GMT; Path=""; HttpOnly Expires: Thu, 01 Jan 1970 00:00:00 GMT X-UA-Compatible: IE=edge X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, must-revalidate Etag: 20299669791481319238594 Last-Modified: Fri, 09 Dec 2016 21:33:58 GMT Pragma: no-cache Content-Type: text/html;charset=UTF-8 Connection: close Transfer-Encoding: chunked As the headers show, the JSESSIONID cookie not sent back to the server during the login request, but it is sent back during the request responding to the HTTP 302 redirect, even though it is being sent by the server the same way both times. Also, all of the other cookies set previously are sent by Firefox every time. What might be causing this behavior, and how can I get it to stop?