Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

此討論串已被封存。 如果您有需要幫助,請新增一個新問題

64-bit browser is scrubbing out ltpatoken from cookie

  • 2 回覆
  • 1 有這個問題
  • 1 次檢視
  • 最近回覆由 astuer

astuer
astuer
more options

when trying to login to a server configured for single sign-on, all works well using a 32-bit browser, the server responds with the ltpatoken and the browser correctly re-uses the received ltpatoken in it's next requests to the server. BUT when using a 64-bit browser, on the same workstation, connecting to the same server, the browser suddenly scrubbs out the ltpatoken from the cookie which breaks the flow and the user cannot open the web application as blocked on the login prompt.

Has anyone an idea what can cause this strange behavior. My browser settings are standard, I didn't change anything. But could it be that 64-bit has some strickter security setting which makes the browser think the ltpatoken in the cookie isn't correct ? we don't have the security bit set on the token, the domain accompanying the token is correct, so not sure what else to check as all works fine switching to 32-bit browser !

when trying to login to a server configured for single sign-on, all works well using a 32-bit browser, the server responds with the ltpatoken and the browser correctly re-uses the received ltpatoken in it's next requests to the server. BUT when using a 64-bit browser, on the same workstation, connecting to the same server, the browser suddenly scrubbs out the ltpatoken from the cookie which breaks the flow and the user cannot open the web application as blocked on the login prompt. Has anyone an idea what can cause this strange behavior. My browser settings are standard, I didn't change anything. But could it be that 64-bit has some strickter security setting which makes the browser think the ltpatoken in the cookie isn't correct ? we don't have the security bit set on the token, the domain accompanying the token is correct, so not sure what else to check as all works fine switching to 32-bit browser !

被選擇的解決方法

I finally found the cause of this issue. Security has been enforced on 64-bit browsers and additionally in Windows10. The following RFC 6265 was implemented (which isn't implemented in 32-bit browsers and not generally on windows7 workstations) which includes a check on the cookie attribute "Domain" against the public domain suffix list (https://publicsuffix.org/list/public_suffix_list.dat). I my case the token domain was included in this list which caused the browser to reject the cookie. After modifying the token dns domain to a value not included in the public domain list, the problem was solved !

從原來的回覆中察看解決方案 👍 0

所有回覆 (2)

Pj
Pj
more options

astuer said

When using a 64-bit browser, on the same workstation, connecting to the same server, the browser suddenly scrubbs out the ltpatoken from the cookie which breaks the flow and the user cannot open the web application as blocked on the login prompt...

I'll guess at this. What about turning OFF Content Blocking or reducing the Blocking? (My settings, attached. Try other setups.)


~Pj

astuer
astuer 提出問題者
more options

選擇的解決方法

I finally found the cause of this issue. Security has been enforced on 64-bit browsers and additionally in Windows10. The following RFC 6265 was implemented (which isn't implemented in 32-bit browsers and not generally on windows7 workstations) which includes a check on the cookie attribute "Domain" against the public domain suffix list (https://publicsuffix.org/list/public_suffix_list.dat). I my case the token domain was included in this list which caused the browser to reject the cookie. After modifying the token dns domain to a value not included in the public domain list, the problem was solved !