Re: [tor-bugs] #14059 [Tor Browser]: Revision of existing double key cookie logic to meet requirements
#14059: Revision of existing double key cookie logic to meet requirements
-----------------------------+----------------------------------
Reporter: michael | Owner: michael
Type: defect | Status: needs_information
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: TorBrowserTeam201501
Actual Points: | Parent ID: #3246
Points: |
-----------------------------+----------------------------------
Comment (by gk):
Replying to [comment:7 michael]:
> R&D is paused, and can proceed as soon as questions are answered and
> consensus on requirements is reached.
Not sure where to put my testing feedback. Given that the patch I tested is
attached in this bug I put my comments here as well. I tested with the
latest nightly + msvb14058-283f7c6.patch on top. In a clean en-US bundle I
did the following:
1) enabled third party cookies in Mozilla's privacy settings (the patch
does not contain a special pref I need to toggle as far as I can see)
2) installed the Live HTTP Headers to log the traffic
3) restarted and opened the Live HTTP Headers console to log traffic
4) went to http://fundingpoint.net and saved all traffic logs
5) opened in a different tab
https://people.torproject.org/~gk/misc/fundingpoint_iframe.html and saved
all traffic.
6) searched for cookies in the logs.
I get the following in 4)
{{{
http://www.fundingpoint.net/
GET / HTTP/1.1
Host: www.fundingpoint.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 27 Jan 2015 11:47:45 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.4.23
Set-Cookie: PHPSESSID=sihiadjk37v8bmvboep6d0gj56; path=/
Set-Cookie:
www_pyrocms=%2FjTZdv72Vxmghi%2F9HPFS1DfgA7%2Fysq5K%2BIfGLyW8TburMfS%2FMxGRVxUtGuwpBFilYQ5Yqj6bDRCj6XQV885b%2BkzcBmWsIqk%2FCyBrqARe2y4ytZ5UKGRdzPrZziPRjXEXZlEjzGA%2B%2FvVjljWB3x%2Ft9P76AxFt8Fm9fVmgbXlhO5b3gZgdGajvY59YyO%2FPr2d1dpARNwA5Xqly%2FEFaJk78mIHRiWIlGFmwtGMRc9eQDpvsW9WEmlwbGRwi9cHZV4o6X1PcHK4LIFJZ5IaFGShYacuwGC4Mxqc%2BH8AXBVl0gL47yeAx3E5bUGzjkohzwbJE48EsccGxVMQgPBbffxskc%2FeCNTHh0RmJnOoD%2FmivHKWJ08tU1HFQ1aqz%2FyskJARW;
path=/; domain=www.fundingpoint.net
Expires: Thu, 19 Nov 1981 08:52:00 GMT
}}}
and I see these too (among others) in 5)
{{{
http://www.fundingpoint.net/
GET / HTTP/1.1
Host: www.fundingpoint.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=sihiadjk37v8bmvboep6d0gj56;
www_pyrocms=%2FjTZdv72Vxmghi%2F9HPFS1DfgA7%2Fysq5K%2BIfGLyW8TburMfS%2FMxGRVxUtGuwpBFilYQ5Yqj6bDRCj6XQV885b%2BkzcBmWsIqk%2FCyBrqARe2y4ytZ5UKGRdzPrZziPRjXEXZlEjzGA%2B%2FvVjljWB3x%2Ft9P76AxFt8Fm9fVmgbXlhO5b3gZgdGajvY59YyO%2FPr2d1dpARNwA5Xqly%2FEFaJk78mIHRiWIlGFmwtGMRc9eQDpvsW9WEmlwbGRwi9cHZV4o6X1PcHK4LIFJZ5IaFGShYacuwGC4Mxqc%2BH8AXBVl0gL47yeAx3E5bUGzjkohzwbJE48EsccGxVMQgPBbffxskc%2FeCNTHh0RmJnOoD%2FmivHKWJ08tU1HFQ1aqz%2FyskJARW;
_ga=GA1.2.28869478.1422359271; GetResponseComWebform4642401=WebformCookie
Connection: keep-alive
}}}
But that is not expected to happen as the URL bar domain in 5) is
different from the one in 4). It seems to me the patch is not working as
expected, or am I missing something here?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14059#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
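
The log search in step 6) of the comment above can be automated; the following is an added example, not part of gk's comment or of the patch under test. The names CAPTURES, parse_pairs and find_cross_site_cookies are hypothetical, the captures are constructed with shortened cookie values, and cookies are keyed on the request Host header rather than on the cookie's domain attribute.

```python
# Constructed captures modelled on steps 4) and 5); cookie values are shortened
# placeholders. Each entry is (URL bar domain, header log with unwrapped lines).
CAPTURES = [
    ("fundingpoint.net",
     "GET / HTTP/1.1\nHost: www.fundingpoint.net\n\nHTTP/1.1 200 OK\n"
     "Set-Cookie: PHPSESSID=constructed-session; path=/\n"
     "Set-Cookie: www_pyrocms=constructed-value; path=/; domain=www.fundingpoint.net\n"),
    ("people.torproject.org",
     "GET / HTTP/1.1\nHost: www.fundingpoint.net\n"
     "Cookie: PHPSESSID=constructed-session; www_pyrocms=constructed-value; _ga=GA1.2.constructed\n"),
]

def parse_pairs(header_value):
    """Split 'a=1; b=2' into [('a', '1'), ('b', '2')]; bare attributes are skipped."""
    pairs = []
    for part in header_value.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs

def find_cross_site_cookies(captures):
    """Return (cookie host, name, set under, sent under) for each cookie that is
    sent under a URL bar domain other than the one it was set under. Cookies
    with no Set-Cookie in the captures (e.g. set by script) are not judged."""
    set_under = {}  # (host, name, value) -> URL bar domains that saw it being set
    leaks = []
    for first_party, log in captures:
        host = None
        for line in log.splitlines():
            field, _, value = line.partition(":")
            field, value = field.strip().lower(), value.strip()
            if field == "host":
                host = value
            elif field == "set-cookie" and parse_pairs(value):
                name, val = parse_pairs(value)[0]  # first pair is the cookie itself
                set_under.setdefault((host, name, val), set()).add(first_party)
            elif field == "cookie":
                for name, val in parse_pairs(value):
                    origins = set_under.get((host, name, val), set())
                    if origins and first_party not in origins:
                        leaks.append((host, name, min(origins), first_party))
    return leaks

if __name__ == "__main__":
    for leak in find_cross_site_cookies(CAPTURES):
        print("cookie %s for %s: set under %s, sent under %s" % (leak[1], leak[0], leak[2], leak[3]))
```

With working double keying the function returns an empty list for these two visits; header lines wrapped by a mail client have to be rejoined before the logs are passed in.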