Version: (using KDE Devel) Installed from: Compiled sources Hi, If I go to a website in Konqueror window X and log into it (or whatever) - and then it sets a cookie, I can then browse that website (logged in) in window Y. However, as soon as I close the original window X, the session cookie is removed and I am no longer logged into the site.
Can you please provide an example site where this problem occurs ?
www.transgaming.com - however you need an account to login. Perhaps you can tell me what kinda info you need and I could get it for you?
*** Bug 66953 has been marked as a duplicate of this bug. ***
Bug 66953 is slightly different, in that If I open a website in window X, and that website opens a popup window Y, and I click even a single link in window Y, and then close it, my session cookies are removed from Window X. However, they do likely have the same root cause.
*** Bug 43142 has been marked as a duplicate of this bug. ***
*** Bug 36122 has been marked as a duplicate of this bug. ***
Have you tried KDE 3.2-beta releases to see if either this problem or its variation reported through br# 66953 are resolved ? I can neither duplicate this bug nor the one described in bug# 66953. However, I can duplicate bug# 43142 and the reasons for that are well known. If window Y pops-up a second window X which then sets a cookie that cookie gets deleted when the pop-up window is shutdown (closed). BTW, that bug would not occur if a cookie set an expiration date. In other words it is only a problem for session based cookies...
I can reproduce this 100% consistently with version 3.2.0, hitting an instance of Squirrelmail. Logging in to Squirrelmail creates the initial session cookie, I can hop around anywhere I want within SM with no problem. As soon as I compose a new email, or reply to an email, either of which launch a child window (the SM option "Compose In New Window" is enabled), the original session cookie is killed, and SM forces me to login again. This does NOT occur if I disable the "Compose In New Window" setting, eliminating the launch of the child window.
I cannot reproduce this with squirell mail - I open two windows. with one I login to squirell mail until I get the inbox display. with the second I browse directly to the inbox (http://domain.com/src/webmail.php) which displays fine. I then close the original window with which I logged in, and refresh the inbox display on the second window - it still works. KDE 3.2.0, Mandrake RPMs 3.2-19mdk
Do not open two windows manually. Open Squirell mail in a window. Enable "Compose in a new window". Compose a message in the new window that pops up, send the message, and then close the compose window. You will now have to log in again in the main window
Hmm.. this indeed is how it happens. I think this might be because the windows are related (one is opened by another). maybe khtml removes session cookies when the window is closed because it thinks both windows are the same ? The thing is, that it makes no sense: the session cookies are kept by the browser as long as there is at least one window open - regardless of what site that window points to! This can be demonstrated by my previous test. it makes no sense for khtml to remove the session cookies while a window is open at all, not to mention to the same site. (I wonder what happens to session cookies when konqueror is setup to always keep at least 1 instance in memory. are they kept until the user logs off from X?)
I have the same problems with that cookie bug. I will attach a PHP script. I use PHP "4.3.4" The bug will only happen if in php.ini the value "session.cookie_lifetime" is set to zero. Which means "Lifetime in seconds of cookie or, if 0, until browser is restarted." Of course you will need session ids as cookies: "session.use_cookies = 1". Both values are default for php 4.3.4. In order to check the bug you will have to do the following steps: Close ALL Konqueror instances. 1) Put "bug.php" into your $HOME/public_html or $HOME/WWW (I asume a working Php/Apache setup). 2) Load the file http://localhost/~USER/bug.php. 3) The window will show a "dummy data was empty - setting to 1078092929 " (or similar) at first start. 4) Open the Popup with the link. 5) Close the Popup in the Popup Window. 6) Click "Reload" - you will get a "if you open and closed the popup you got the bug..." because the close event of the Popup killed the cookie. The cookie will be also killed if you close the window with the window [X] button. I verified this this konquerors cookiemanager. The cookie has to be kept until the last process of konqueror dies! Not until a window is closed. My workarond was to set the cookie livetime to 3600 in php.ini: ession.cookie_lifetime = 3600. ;) So the Konqueror bug won't hurt my PHP developement. So - bug or feature? This is a bug! Mozilla / Internet Explorer handles this correct. -- bug.php -- <? if( isset($_GET["popup"]) ) { session_start(); echo "hi in popup!<br><br>"; echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; echo "<p><a href=\"javascript:window.close()\">Popup close</a></p>"; exit; } else { session_start(); echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; if( strlen( $_SESSION["dummy"] ) == 0 ) { $dummy = time(); echo "dummy data was empty - setting to $dummy <br>"; $_SESSION["dummy"]=$dummy; if( isset( $_GET["reload"] ) ) { echo "if you open and closed the popup you got the bug...<br>"; } } } ?> <script type="text/javascript"> function popup(){ F = window.open( "bug.php?popup=1","popup","width=400,height=300"); } </script> <p><a href="javascript:popup()">Popup open</a></p> <p><a href="bug.php?reload=1">Reload</a></p> -- bug.php end --
Bugzilla HATES my PHP script ;) Here again... -- bug.php -- <? if( isset($_GET["popup"]) ) { session_start(); echo "hi in popup!<br><br>"; echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; echo "<p><a href=\"javascript:window.close()\">Popup close</a></p>&qu ot;; exit; } else { session_start(); echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; if( strlen( $_SESSION["dummy"] ) == 0 ) { $dummy = time(); echo "dummy data was empty - setting to $dummy <br>"; $_SESSION["dummy"]=$dummy; if( isset( $_GET["reload"] ) ) { echo "if you open and closed the popup you got the bug...<br>"; } } } ?> <script type="text/javascript"> function popup(){ F = window.open( "bug.php?popup=1","popup","width=400,height=300"); } </script> <p><a href="javascript:popup()">Popup open</a></p> <p><a href="bug.php?reload=1">Reload</a></p> -- bug.php end --
3rd try... <? if( isset($_GET["popup"]) ) { session_start(); echo "hi in popup!<br><br>"; echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; echo "<p><a href=\"javascript:window.close()\">Popup close</a></p>&qu ot;; exit; } else { session_start(); echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; if( strlen( $_SESSION["dummy"] ) == 0 ) { $dummy = time(); echo "dummy data was empty - setting to $dummy <br>"; $_SESSION["dummy"]=$dummy; if( isset( $_GET["reload"] ) ) { echo "if you open and closed the popup you got the bug...<br>"; } } } ?> <script type="text/javascript"> function popup(){ F = window.open( "bug.php?popup=1","popup","width=400,height=300"); } </script> <p><a href="javascript:popup()">Popup open</a></p> <p><a href="bug.php?reload=1">Reload</a></p>
Sorry guys - if this doesn't work - use my last post - put it in a html file and open this in a brower. Then copy&paste the source. <? if( isset($_GET["popup"]) ) { session_start(); echo "hi in popup!<br><br>"; echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; echo "<p><a href=\"javascript:window.close()\">Popup close</a></p>"; exit; } else { session_start(); echo "Session ID: " . $_REQUEST["PHPSESSID"] . "<br>"; echo "Session dummy data: " . $_SESSION["dummy"] . "<br>"; if( strlen( $_SESSION["dummy"] ) == 0 ) { $dummy = time(); echo "dummy data was empty - setting to $dummy <br>"; $_SESSION["dummy"]=$dummy; if( isset( $_GET["reload"] ) ) { echo "if you open and closed the popup you got the bug...<br>"; } } } ?> <script type="text/javascript"> function popup(){ F = window.open( "bug.php?popup=1","popup","width=400,height=300"); } </script> <p><a href="javascript:popup()">Popup open</a></p> <p><a href="bug.php?reload=1">Reload</a></p>
*** Bug 77951 has been marked as a duplicate of this bug. ***
I don't mean to rush... but is there any activity on this bug?
The problem as originally reported is by design. The issue that is reported in #10 sounds like a bug though. The design of Konqueror is such that session cookies are removed when all windows that have referenced the cookie have been closed. Since Konqueror doesn't really exit in some circumstances and since it is somewhat arbitrary which konqueror window belongs to which konqueror process it doesn't seem like a good idea to tie the lifetime of session cookies to the lifetime of the konqueror process itself. The alternative is to tie the lifetime of session cookies to the lifetime of the KDE session. This is what we used to do but leads to the undesired situation that cookies for e.g. banking sessions remain around longer than one would expect in some circumstances, in particular the cookie might still be around after closing the window used to browse the bank site and still be available when revisiting the bank site. I'm looking into a solution where the lifetime of the session cookie remains tied to the window in which the cookie is referenced but to expand that more agressively to other windows under some circumstances. In particular in the case where a main-site opens a popup-window to set a cookie, this cookie should somehow also be associated with the window of the main-site.
The problem I get is: I log into parent window, parent window sets a time-cookie and a session-cookie. I open a child window from parent window. after I am done with the child window, I close the child window. I refresh parent window, and the session-cookie is no longer set. The time cookie is still set though.
This only happens to me using php 4.3.3 and above - php 4.3.2 it does not...
Please check your php.ini: >I use PHP "4.3.4" The bug will only happen if in php.ini the value >"session.cookie_lifetime" is set to zero. Which means "Lifetime in seconds >of cookie or, if 0, until browser is restarted." Of course you will need >session ids as cookies: "session.use_cookies = 1". Both values are default >for php 4.3.4. Please try my example (bug #15) and give me some feedback.
Correct on php.ini. trying out the #15 script shows bug when session.cookie.lifetime =0 and not when something else. This is definitely a bug and very annoying. I have websites I go to where I need to login on every page view!!!
CVS commit by waba: Preserve windowIds when refreshing a cookie. (BR64182) Thanks to Harald Fielker for test-case. CCMAIL: 64182@bugs.kde.org M +15 -3 kcookiejar.cpp 1.111.2.3 --- kdelibs/kioslave/http/kcookiejar/kcookiejar.cpp #1.111.2.2:1.111.2.3 @@ -257,5 +257,5 @@ KCookieJar::~KCookieJar() } -static void removeDuplicateFromList(KHttpCookieList *list, KHttpCookie *cookiePtr, bool nameMatchOnly=false) +static void removeDuplicateFromList(KHttpCookieList *list, KHttpCookie *cookiePtr, bool nameMatchOnly=false, bool updateWindowId=false) { QString domain1 = cookiePtr->domain(); @@ -277,4 +277,16 @@ static void removeDuplicateFromList(KHtt ) { + if (updateWindowId) + { + for(QValueList<long>::ConstIterator it = cookie->windowIds().begin(); + it != cookie->windowIds().end(); ++it) + { + long windowId = *it; + if (windowId && (cookiePtr->windowIds().find(windowId) == cookiePtr->windowIds().end())) + { + cookiePtr->windowIds().append(windowId); + } + } + } KHttpCookiePtr old_cookie = cookie; cookie = list->next(); @@ -872,5 +884,5 @@ void KCookieJar::addCookie(KHttpCookiePt if ( !list ) continue; - removeDuplicateFromList(list, cookiePtr); + removeDuplicateFromList(list, cookiePtr, false, true); }
Ok, as I said in #18, a cookie can get associated with multiple windows and will be removed when the last window closes. The problem was that when a window did send a new cookie, that the new cookie replaced the old cookie and it then forgot about all the windows this old cookie was associated with. I have fixed that for KDE 3.2.3 (*NOT* KDE 3.2.2 !!) david@transgaming.com: Are you using KDE from CVS? Can you check if this fixes your problem?
This does not fix BR43142 ( http://www.juno.co.uk/ ) since that site sets the cookie in the popup-window itself. Such cookie will not be associated with the main-window and will therefor be discarded when the popup is closed.
*** Bug 72312 has been marked as a duplicate of this bug. ***
*** Bug 80036 has been marked as a duplicate of this bug. ***
*** Bug 65994 has been marked as a duplicate of this bug. ***
I can't reproduce the problem on www.juno.co.uk, even though I see that KCookieJar::eatSessionCookies is called with the windowId of the closed window. The items are still in the cart after that. Either the site changed, or the code has been fixed, not sure. Anyone got a better testcase of the problem? (with kde-3.5 or kde-4.x, the logic should be the same currently)
This bug report should have been closed a long time ago... KCookiejar's behavior is no different than what other browsers do after the patch that was applied comment #23.