Firefox does not set cookies for http://localhost

Bug #325266 reported by Hendy Irawan on 2009-02-04
36
This bug affects 6 people
Affects Status Importance Assigned to Milestone
firefox-3.0 (Ubuntu)
Undecided
Unassigned
Nominated for Intrepid by Hendy Irawan
Nominated for Jaunty by Hendy Irawan

Bug Description

Binary package hint: firefox-3.0

Opening a website located at http://localhost/something.php that gives a cookie has its cookie ignored by Firefox. Also occurs for host that does not have dot:

http://hostname/something.php

The result is logins etc. which require a cookie to work, do not work.

The exact same website, when opened using:

http://127.0.0.1/something.php
http://hostname.custom/something.php # hostname points to 127.0.1.1
http://hostname.local/something.php # hostname points to 192.168.0.x

has its cookies saved and loaded properly by Firefox. For some reason Firefox is "blocking" localhost or any hostname without dot.

I have empty cookie exceptions list on my Firefox preferences. Adding "localhost" and setting it as "enable" (always accept) does not work.

This only happens on Firefox. Using Konqueror, text-mode ELinks, to browse the site (in all 4 URL variants) works properly (with regard to cookies).
____

For reference, currently my /etc/hosts is:

127.0.0.1 localhost
127.0.1.1 caliva

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Hendy Irawan (ceefour) on 2009-02-04
description: updated
description: updated
JanBrinkmann (jbrinkmann) wrote :

Thank you very much for reporting your problem. It would be very helpful if you could provide a copy of the script which doesnt work as expected (something.php for example). Can you also please provide the detailed package version of firefox you've installed?

JanBrinkmann (jbrinkmann) wrote :

Another question: On which version of Ubuntu are you encountering these problems?

Changed in firefox-3.0:
status: New → Incomplete
Hendy Irawan (ceefour) wrote :

Version info:

$ firefox --version
Mozilla Firefox 3.0.5, Copyright (c) 1998 - 2008 mozilla.org

ceefour@caliva:~$ uname -a
Linux caliva 2.6.27-11-generic #1 SMP Thu Jan 29 19:24:39 UTC 2009 i686 GNU/Linux

ceefour@caliva:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.10
DISTRIB_CODENAME=intrepid
DISTRIB_DESCRIPTION="Ubuntu 8.10"

ceefour@caliva:~$ aptitude show firefox
Package: firefox
State: installed
Automatically installed: no
Version: 3.0.5+nobinonly-0ubuntu0.8.10.1
Priority: optional
Section: web
Maintainer: Alexander Sack <email address hidden>
Uncompressed Size: 127k
Depends: firefox-3.0, firefox-3.0-branding
Provided by: abrowser
Description: meta package for the popular mozilla web browser
 Firefox 3 is the next major release of the standalone Mozilla browser; it is written in the XUL language and designed to be lightweight and
 cross-platform.

 This is a meta package that will point to the latest firefox package in ubuntu. Don't remove this if you want to receive automatic major version
 upgrades for this package in future.

Hendy Irawan (ceefour) wrote :

something.php : (all lines between dashes)
--------------------------------------------
<?php
setcookie('cookietest', 'php', time()+3600, '/', 'localhost');
?>

Check the cookie. Make sure to run this script from http://localhost/something.php (root path)
--------------------------------------------

JanBrinkmann (jbrinkmann) wrote :

Thanks a lot for the additional information!

Changed in firefox-3.0:
status: Incomplete → Confirmed
Tchalvak (tchalvak) wrote :

Yeah, just spent a long, long while debugging this problem to try to allow local webdevelopment (that localhost address totally screws over cookies) on firefox.

I'm now running firefox 3.0.6 in intrepid ibex, does anyone know of a workaround to fix this issue? Force upgrade to a newer FF version somehow? Modify a firefox conf file? Modify the host file somehow?

I'm able to use 127.0.0.1 as a workaround for now, but I'd prefer to have it all fully working if there's already an upgrade or file-editing solution available out there.

I can confirm this, the latest update (FF 3.0.8) is suffering from the same problem on Intrepid Ibex. I've spent 4 hours to figure out what my problem was in a complex application.

Good to know I am not insane and it is a bug.

Hendy Irawan (ceefour) wrote :

Additional info:

* Problem STILL OCCURS on Firefox 3.5.2 (installed from getfirefox.com) on Ubuntu 9.04
* Problem ALSO OCCURS on Google Chrome 4.0.203.2 on Ubuntu 9.04
* Problem does NOT occur on Opera 9.64 Build 2480 on Ubuntu 9.04

Hendy Irawan (ceefour) wrote :

Additional info:

* Problem happens when "domain" part of cookie is set. i.e. in PHP: setcookie(name, value, expire, path, domain); the domain part must not be left out.
* When the domain part is left out, the problem does not occur.

description: updated
Hendy Irawan (ceefour) wrote :

Updated version of testcookie.php that better illustrates the problem without external tool: (everything between dashes is the contents of script, do not put any leading whitespace)
--------------------------------------
<?php
$lastcookies = $_COOKIE;
setcookie('cookietest', 'php', time()+3600, '/', 'localhost');
?>

<p>Contents of $_COOKIE (this should NOT be empty after second refresh):</p>
<pre><?php print_r($lastcookies); ?></pre>

<p>Check the cookie. Make sure to run this script from http://localhost/something.php (root path)</p>
-----------------------------------

the domain part of setcookie() must be set to the domain to be tested (localhost for example)

Hendy Irawan (ceefour) wrote :

Fixed previous misinformation in description that http://hostname/something.php does not cause the problem. It does cause the problem. So basically every non-dotted hostname causes this problem.

Marton Balint (cus) wrote :

Seems like a feature. See section 3.2.2 of http://www.faqs.org/rfcs/rfc2965.html

Changed in firefox-3.0 (Ubuntu):
status: Confirmed → Invalid
Marton Balint (cus) wrote :

Sorry, it is in section 3.3.2.

sandesh (mohansandesh) wrote :

I also have this problem. It works only in Safari on Mac Snow leopard and elinks.

My setup is like this

http://localhost/cook.php
http://webservices/cook.php
http://webservices.abc.xyg.edu/cook.php

This is cook.php

<?php

error_reporting(E_ALL);

setcookie ('test', 'test', time() + 60);

print_r($_COOKIE);

echo strftime('%c');

?>

cook.php is able to read the cookies already set by xyg.edu (tested only in firefox).

@Marton Balint I don't understand rfc2695 as you seem to understand it.
From section 3.3.2 : "The value for the Domain attribute contains no embedded dots, and the value is not .local."
I think that localhost should be considered an exception similar to .local. However, if authors of rfc2695 really
meant that cookies for localhost shouldn't be accepted, I would be glad to know why. I consider it a Firefox bug or
a stupidity in rfc.

This bug (in the RFC) bit me, too. I like to use Firebug over anything else for development, and development tends to happen on localhost.

Just remember, one has a moral responsibility to disobey unjust RFCs!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers