[Webkit-unassigned] [Bug 87979] New: Login to secure Bank pages broken

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 31 08:02:55 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=87979

           Summary: Login to secure Bank pages broken
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://www.produbanco.com/GFPNet/
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: svetloslav at hotmail.com


Since the update to Safari 5.1.7 (on Lion 10.7.4, all latest updates applied). I'm no longer able to login into secure pages to manage my bank accounts. As an example i will give Produbanco (the link above). Once on the page you follow "Banca de Personas" link. From there in the drop down menu is "USUARIO" to be selected. When I input my credentials and try to login I get in places of the login block a message " Your session has expired". With the latest Webkit build 119050, when I click the login button I manage to pass further on to the login process but than I get a message "Your session has expired try to log in again". This is a constant loop. I accept all cookies and do not block pop-up windows. Still it does not work as in previous versions. Firefox and Internet Explorer work rock solid.  You have some kind of bug introduced at handling of cookies and JavaScript in combination. It was introduced with Safari 5.1.7 and it propagates through all consecutive Webkit builds.
Another example that is even worst.
Banko de Pichincha at:
http://www.pichincha.com/web/index.php
To go to login page you click on "PERSONAS" button. The loaded login window has a horrible, horrible CSS rendering where the text of all menus is overlapping in the window. No other browser has such an ugly bug. Than when I try to login I get a message returned by VeriSign "NOT AUTHORIZED ACCESS". This problem came again since Safari 5.1.7 and similarly to the previous example works rock solid on any other browser but Safari/Webkit.
I consider this bug extremely sever because it effectively breaks secure access to Bank pages which is unacceptable to any modern browser.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list