MozillaZine

SM 2.46 dropping my login

Discussion about Seamonkey builds
barbaz
 
Posts: 1515
Joined: October 1st, 2014, 3:25 pm

Post Posted August 29th, 2016, 2:28 pm

Testing out self-built SeaMonkey 2.46 (see user-agent string) and noticing that my login on this site and https://forums.informaction.com/ is getting dropped. I think it's not random, it seemingly always happens shortly after having made a POST request. One example is right after I posted viewtopic.php?p=14697869#p14697869, I clicked to subscribe to the topic and found I was logged out. Another example is trying to preview a post on informaction. Third example (from a while ago) is right after logging in informaction, clicked "View new posts".

I'm not sure if it's related or not, but I use site-specific UA overrides for both these sites. Dropped the override on informaction and haven't seen the issue yet, but that might not mean much.

Been running the Browser Toolbox network monitor in the background to see if it'd catch the issue in action, but so far it just hasn't happened as long as that's been up :?

I'd like to file a bug about this, as it doesn't happen in any other browser, not even an older (45esr-based) SeaMonkey running a basically identical profile.
How to pin this issue down enough to find out why the login is dropped and get repeatable STR?


EDIT
Happened again trying to edit this post right after posting it. And so far I've found that whether the site-specific UA override is getting send to the site is a bit random, that'd be why the login is getting dropped. Also it seems like there maybe two different sets of cookies involved, one with the login and one not? Resources included by the page seem to be fetched with the main UA override and without the cookies containing my login. :-k

Still no idea on getting repeatable STR, but at least have something to go off of now..

EDIT2 I think maybe I'll just switch site-specific UA override handling to my custom UA spoofing extension. That should hopefully work around the problem at least.

EDIT3 FWIW this is the exact request that happened when my login here was dropped:
Code: Select all
GET /cron.php?cron_type=queue HTTP/1.1
Host: forums.mozillazine.org
User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://forums.mozillazine.org/viewtopic.php?f=5&t=3021425
Cookie: phpbb3-mzforum23_u=2666093; phpbb3-mzforum23_k=; phpbb3-mzforum23_sid=xxxxxxx; style_cookie=null
DNT: 1
Connection: keep-alive

Code: Select all
HTTP/1.1 200 OK
Server: Apache
Set-Cookie: phpbb3-mzforum23_u=1; expires=Tue, 29-Aug-2017 21:28:45 GMT; path=/; HttpOnly
phpbb3-mzforum23_k=; expires=Tue, 29-Aug-2017 21:28:45 GMT; path=/; HttpOnly
phpbb3-mzforum23_sid=yyyyyyyy; expires=Tue, 29-Aug-2017 21:28:45 GMT; path=/; HttpOnly
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Mon, 29 Aug 2016 21:28:45 GMT
X-Varnish: 2094959080
Age: 0
Via: 1.1 varnish
Connection: keep-alive

That user-agent string is pretty obviously not at all what you see below. The sid's (obscured for security) are totally different..
*Always* check the changelogs BEFORE updating that important software!

barbaz
 
Posts: 1515
Joined: October 1st, 2014, 3:25 pm

Post Posted August 29th, 2016, 6:48 pm

Well that was easier than I thought it'd be. New profile is affected, so https://bugzilla.mozilla.org/show_bug.cgi?id=1299013

It looks that the override maybe applies only to top-level documents?
*Always* check the changelogs BEFORE updating that important software!

therube

User avatar
 
Posts: 16877
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 30th, 2016, 8:07 am

test

---

So I type 'test', then Submit this post.
After the page refreshes, I go back & click 'Subscribe' & the page refreshes, & I'm told I've subscribed.
All the while still logged in.

Is that the idea?

Mozilla/5.0 (Windows NT 5.1; rv:49.0) Gecko/20100101 SeaMonkey/2.46
Built from http://hg.mozilla.org/releases/mozilla- ... df5dc5e426

Looks to be a build from 08/11/2016.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

therube

User avatar
 
Posts: 16877
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 30th, 2016, 8:12 am

Cookie issue?
Something with your self-build?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

therube

User avatar
 
Posts: 16877
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 30th, 2016, 8:16 am

Restart browser.
Change UA.
Load mozillazine (I'm not logged in at this point).
Log in.

---

test UA.
general.useragent.override.mozillazine.org;hi there you swine

---

Submit this post.
Subscribe.
Unsubscribe.

Still logged in as expected.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

barbaz
 
Posts: 1515
Joined: October 1st, 2014, 3:25 pm

Post Posted August 30th, 2016, 8:59 am

Ah, I see why it's so hard to reproduce the login drop. You have to load a php file *not* as a top-level document. And cron.php is the only such php document I've encountered here.
So, in order to reproduce reliably, I'd suggest to try clear your cache, and maybe then use devtools on some mozillaZine page to create a img element with src pointing to another (not-yet-cached) php file on mozillaZine. EDIT Confirmed that this does indeed drop the login (and clearing cache is not needed if using a URL to a php you haven't visited yet)

therube wrote:Restart browser.
Change UA.
Load mozillazine (I'm not logged in at this point).
Log in.

---

test UA.
general.useragent.override.mozillazine.org;hi there you swine

---

Submit this post.
Subscribe.
Unsubscribe.

Still logged in as expected.

No that's not expected, you should be logged out the next thing you do after adding the site-specific UA override.
*Always* check the changelogs BEFORE updating that important software!

therube

User avatar
 
Posts: 16877
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted August 31st, 2016, 9:24 am

general.useragent.override.forums.mozillazine.org

Only the first request (GET / Cause: document) has the IE 8 user-agent string; all others have the default user-agent string.


Have you checked to see if general.useragent.override (not site specific) is applied consistently?
Does using a more "general", general.useragent.override.mozillazine.org (rather then forums.mozillazine.org) make any difference?


I'll just note this here, (WONTFIX, on the FF end:) Bug 933959 - general.useragent.override.[domain] (about:config entry) stopped working.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

barbaz
 
Posts: 1515
Joined: October 1st, 2014, 3:25 pm

Post Posted August 31st, 2016, 2:13 pm

Per advice from Mc on irc, I've switched to using a modified version of UAControl for managing site-specific user-agent strings.

therube wrote:Have you checked to see if general.useragent.override (not site specific) is applied consistently?

Yes, that one works fine, that's where the FreeBSD user-agent string in the OP came from.

therube wrote:Does using a more "general", general.useragent.override.mozillazine.org (rather then forums.mozillazine.org) make any difference?

Nope :(
*Always* check the changelogs BEFORE updating that important software!

Return to SeaMonkey Builds


Who is online

Users browsing this forum: No registered users and 1 guest