Missing cookies
I have an issue with Firefox 127 not accepting a session cookie that I use for user authentication. I have an ASP.NET application with a login form that includes fields for login and password, and a submit button. When the button is clicked, an HTTPS/POST request is sent to the server. The server responds and sends back a session cookie named .Cookie.Name with the parameter httpOnly set to true.
When I check in Firefox's Developer Tools under the Network tab, I can see .Cookie.Name in the server response. However, in the Developer Tools under the Storage tab, .Cookie.Name is missing, which prevents the user from logging in. This problem does not occur in other browsers like Chrome or Edge, nor does it occur in Firefox version 126. The configurations for Firefox 126 and 127 are identical.
Could you please assist with this issue?
Saafara biñ tànn
Thank you for the link to the mozregression tool. It led us to the commit that changed Firefox's behavior regarding cookies, specifically to commit: "Reject cookies that end in a terminator character." This will allow for further diagnostics and help resolve the issue. Thanks again!
Jàng tontu lii ci fi mu bokk 👍 0All Replies (6)
Can it be something with case sensivity? We treat cookie name prefixes in a case-insensitive manner since Fx127.
TyDraniu moo ko soppali ci
It's a little hard to tell what .Cookie.Name actually is. The problem is with the cookies whose names start with a dot? The other cookies are set successfully?
Saafara yiñ Tànn
Thank you for the link to the mozregression tool. It led us to the commit that changed Firefox's behavior regarding cookies, specifically to commit: "Reject cookies that end in a terminator character." This will allow for further diagnostics and help resolve the issue. Thanks again!
LukaszRoki moo ko soppali ci
In version 127.0.1, it works correctly. We experienced the exact behavior mentioned: Fixed an issue causing Firefox to incorrectly reject cookies for certain websites (bug 1901325). Thank you for your help and quick response.