[Webkit-unassigned] [Bug 6728] Unable to login into mail.lycos.nl

bugzilla-daemon at opendarwin.org bugzilla-daemon at opendarwin.org
Wed Jan 25 06:26:58 PST 2006


http://bugzilla.opendarwin.org/show_bug.cgi?id=6728


ddkilzer at kilzer.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE




------- Comment #6 from ddkilzer at kilzer.net  2006-01-25 06:26 -------
This is a duplicate of Bug 3512 (explanation below).

However, I would suggest filing a Radar bug anyway and referencing
<rdar://problem/4110617>, this Bugzilla bug, and Bug 3512 in the report since
it's a different web site than the original report.  (I suspect Apple will fix
this in fairly short order since it could affect MANY different web sites, but
that's pure speculation on my part.)

If you're an ADC member, use: https://bugreport.apple.com/
If you're not an ADC member, use:
http://developer.apple.com/bugreporter/bugrptform.html

Below is the analysis.  First, Safari submits an HTTP POST request to
secure.mail.lycos.nl with the username and password to log in:

POST /lsu/signin/action.jsp HTTP/1.1
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
Cookie: SECFREESESSIONID=kIZ7FQA7YFzb
Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/420+
(KHTML, like Gecko) Safari/417.8
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
Connection: keep-alive
Host: secure.mail.lycos.nl

login=webkit-test&hiddenlogin=Gebruikersnaam&hiddenpassword=******&password=webkit

Next the secure.mail.lycos.nl server returns a 302 redirect response along with
8 cookies to be set on the ".lycos.nl" domain:

HTTP/1.1 302 Found
Date: Wed, 25 Jan 2006 13:00:48 GMT
Server: Apache/1.3.33 (Unix) Resin/2.1.12 mod_gzip/1.3.26.1a mod_ssl/2.8.22
OpenSSL/0.9.6c
Cache-Control: max-age=86400
Expires: Thu, 26 Jan 2006 13:00:48 GMT
Cache-Control: private
Location: http://f012.mail.lycos.nl
Content-Length: 63
Set-Cookie: lsua=d2Via2l0LXRlc3Q6V2Via2l0OlRlc3RlcjpubA%3D%3D;
domain=.lycos.nl; path=/; expires=Mon, 24-Apr-2006 23:59:59 GMT
Set-Cookie:
lsub=5dcd6f09d1d6b1b05ab7cadad396272c1ef188bbdbcdaadcaed0389e01d34a9e0660a989db932ec7bb4575c1167b83e4b011ffcc86c2ea24dd22215333d32bc98134e91998074727e1db497bba646574e5a6;
domain=.lycos.nl; path=/lsu/
Set-Cookie: lsud=26575a26f51f07ddfb2e0c86e4457b20%3A1138194048;
domain=.lycos.nl; path=/
Set-Cookie: LBC=92c164b4b2f704d4d9f0d03d14d79ad; domain=.lycos.nl; path=/
Set-Cookie: SERVERS=f012.mail.lycos.nl#; domain=.lycos.nl; path=/
Set-Cookie:
IDENTIFIANT=YRWYYSLTMQWLLZLZWSUTLKVNZXMWTMPZKLOVRLSTXXUVTPQOXUWRQTRYNNLVNLXZMXNXXXYNWNYVOVKY;
domain=.lycos.nl; path=/
Set-Cookie: AUTH=26575a26f51f07ddfb2e0c86e4457b20; domain=.lycos.nl; path=/
Set-Cookie: ADPROFILE=01970000000000000000000000000FR00000; domain=.lycos.nl;
path=/
Connection: close
Content-Type: text/html

The URL has moved <a href="http://f012.mail.lycos.nl">here</a>

Safari then follows the 302 redirect, but fails to send ANY cookies to
f012.mail.lycos.nl when it should have sent 7 of them (one had a path of "/lsu/"
and should not have been sent):

GET / HTTP/1.1
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate
Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/420+
(KHTML, like Gecko) Safari/417.8
Connection: keep-alive
Host: f012.mail.lycos.nl

Firefox 1.5, on the other hand, sends the appropriate 7 cookies with its
request at this stage:

GET / HTTP/1.1
Host: f012.mail.lycos.nl
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8)
Gecko/20051111 Firefox/1.5
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://secure.mail.lycos.nl/services/signin/mail.jsp
Cookie: ADPROFILE=01970000000000000000000000000FR00000;
lsua=d2Via2l0LXRlc3Q6V2Via2l0OlRlc3RlcjpubA%3D%3D;
lsud=c4e4775f9f942ea81d748957c62cc623%3A1138194141;
LBC=52115396c45258005d8ee3902b17277; SERVERS=f012.mail.lycos.nl#;
IDENTIFIANT=YRWYYSLTMQWLLZLZWSUTLKVNZXMWTMPZKLOVRLSTXXUVTPQOXUWRQTRYNNLVNLXZMXNXXXYNWNYVOVKY;
AUTH=c4e4775f9f942ea81d748957c62cc623

Thus, this bug is a duplicate of Bug 3512.  (In fact, if you look at the two
web sites, they must be using the same webmail software since they're laid out
similarly and use very similar URLs.)


*** This bug has been marked as a duplicate of 3512 ***


-- 
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
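
Added example, not part of the original Bugzilla comment and not WebKit code: the domain-match and path-match rules as later codified in RFC 6265, applied to the cookie names, Domain and Path attributes from the 302 response above, to show which cookies a conforming client sends to the redirect target. Cookie values are omitted and the function names are illustrative.

```javascript
// Names, Domain and Path copied from the Set-Cookie headers in the capture;
// values left out because matching does not depend on them.
const jar = [
  { name: "lsua",        domain: ".lycos.nl", path: "/" },
  { name: "lsub",        domain: ".lycos.nl", path: "/lsu/" },
  { name: "lsud",        domain: ".lycos.nl", path: "/" },
  { name: "LBC",         domain: ".lycos.nl", path: "/" },
  { name: "SERVERS",     domain: ".lycos.nl", path: "/" },
  { name: "IDENTIFIANT", domain: ".lycos.nl", path: "/" },
  { name: "AUTH",        domain: ".lycos.nl", path: "/" },
  { name: "ADPROFILE",   domain: ".lycos.nl", path: "/" },
];

// RFC 6265 section 5.1.3: the host equals the cookie domain, or is a host
// name (not an IP address) that ends with "." + domain. A leading dot in
// the Domain attribute is ignored.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  const isIp = /^[\d.]+$/.test(h) || h.includes(":");
  return h === d || (!isIp && h.endsWith("." + d));
}

// RFC 6265 section 5.1.4: the cookie path is a prefix of the request path
// and the prefix ends on a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies that belong in the Cookie header for this request.
function cookiesToSend(cookies, host, requestPath) {
  return cookies
    .filter(c => domainMatch(host, c.domain) && pathMatch(requestPath, c.path))
    .map(c => c.name);
}

// The redirect target from the Location header, requested as "GET /".
console.log(cookiesToSend(jar, "f012.mail.lycos.nl", "/"));
```

The same check rejects a look-alike host such as evillycos.nl, because the suffix must begin at a label boundary.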


