I'm not sure if it's related or not, but I use site-specific UA overrides for both these sites. Dropped the override on informaction and haven't seen the issue yet, but that might not mean much.
Been running the Browser Toolbox network monitor in the background to see if it'd catch the issue in action, but so far it just hasn't happened as long as that's been up
I'd like to file a bug about this, as it doesn't happen in any other browser, not even an older (45esr-based) SeaMonkey running a basically identical profile.
How to pin this issue down enough to find out why the login is dropped and get repeatable STR?
Happened again trying to edit this post right after posting it. And so far I've found that whether the site-specific UA override is getting send to the site is a bit random, that'd be why the login is getting dropped. Also it seems like there maybe two different sets of cookies involved, one with the login and one not? Resources included by the page seem to be fetched with the main UA override and without the cookies containing my login.
Still no idea on getting repeatable STR, but at least have something to go off of now..
EDIT2 I think maybe I'll just switch site-specific UA override handling to my custom UA spoofing extension. That should hopefully work around the problem at least.
EDIT3 FWIW this is the exact request that happened when my login here was dropped:
- Code: Select all
GET /cron.php?cron_type=queue HTTP/1.1
User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Firefox/45.0
Accept-Encoding: gzip, deflate
Cookie: phpbb3-mzforum23_u=2666093; phpbb3-mzforum23_k=; phpbb3-mzforum23_sid=xxxxxxx; style_cookie=null
- Code: Select all
HTTP/1.1 200 OK
Set-Cookie: phpbb3-mzforum23_u=1; expires=Tue, 29-Aug-2017 21:28:45 GMT; path=/; HttpOnly
phpbb3-mzforum23_k=; expires=Tue, 29-Aug-2017 21:28:45 GMT; path=/; HttpOnly
phpbb3-mzforum23_sid=yyyyyyyy; expires=Tue, 29-Aug-2017 21:28:45 GMT; path=/; HttpOnly
Date: Mon, 29 Aug 2016 21:28:45 GMT
Via: 1.1 varnish
That user-agent string is pretty obviously not at all what you see below. The sid's (obscured for security) are totally different..