Version: (using KDE KDE 3.2.2)
Installed from: Gentoo Packages
Compiler: gcc (GCC) 3.3.2 20031218 (Gentoo Linux 3.3.2-r5, propolice-3.3-7)
OS: Linux

Maybe this is not a bug, but the behaviour doesn't reproduce in other browsers (Mozilla, Firefox, Safari and IE). I'll explain the whole story for a better understanding: I have a php website at http://khazaddum.no-ip.com (dynamic IP) and I have registered a domain name (http://lakamarilla.org). If you open lakamarilla, you'll see a static html file that contains only a frame. In this frame, khazaddum.no-ip.com is loaded, so in the address bar you see only "http://lakamarilla.org".

In other browsers, you can start a session from the frame, and once it's started, you can log out, closing the session. The session info is stored in $HTTP_SESSION_VARS['valid-user']. It works fine. However, in konqueror, when you log in, this variable remains empty, so the session is not started. I have tried accepting all cookies and considering them "session cookies" but the problem remains. If you open khazaddum instead of lakamarilla, you don't have any problems, since there is only one domain and no frames. I think this can be a bug because I have tested it in other browsers and it doesn't reproduce.
I have made the following test. I have created an html file in my $HOME. This is the source (without > and <):

html head title kdebugs /title /head frameset frame src="http://bugs.kde.org" /frameset /html

If you open this page in mozilla, and you log in, you can see the "log out" link (the session is started). If you open the page in konqueror, and log in, you see the "log in" link, instead of "log out".
I can confirm using the bugs.kde.org above test case.
Confirmed on r575787 with the b.k.o testcase
*** Bug 79226 has been marked as a duplicate of this bug. ***
*** Bug 139504 has been marked as a duplicate of this bug. ***
This works in konqueror 4.1.60 svn trunk 831729, using the testcase in comment #1, I can login in b.k.o
Hrm, for me in trunk, I can log in, but if I then click on "bug tracking home", the bug tracking home page has a "log in" link (i.e., it thinks I'm not logged in).
(In reply to comment #7)
> Hrm, for me in trunk, I can log in, but if I then click on "bug tracking home",
> the bug tracking home page has a "log in" link (ie, it thinks I'm not logged
> in.

This is the correct behavior when the "Only accept cookies from originating server" aka (3rd party cookies) option has been checked. It protects you against cross-domain cookie stealing using frames...
*** Bug 150869 has been marked as a duplicate of this bug. ***
*** Bug 197510 has been marked as a duplicate of this bug. ***
At least for the bugs.kde.org, I state for sure that it is the intended behavior caused by the fact that kcookiejar will not send cookies marked secure to non-secure sites even if the hostnames are the same. You actually do not need any framed sites to duplicate this condition. You can see it by simply logging into bugs.kde.org and visiting the SSL and non-SSL version of this bug report:

https://bugs.kde.org/show_bug.cgi?id=84232
http://bugs.kde.org/show_bug.cgi?id=84232

When you visit the latter link it will tell you that you are not logged in, even though you are, because the secure session cookies will never be sent to the non-secure version of the same site whenever the cookie is marked as such. Hence, that is not a bug, but a correct behavior that is intended to protect you against information leak.
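
The two behaviours described in comment #8 (third-party cookies refused inside a frame) and comment #11 (Secure cookies withheld from plain HTTP) can be reproduced offline with Python's standard-library cookie jar. This is an added example, not part of the original thread and not kcookiejar code; the cookie name and value are constructed, and `strict_ns_unverifiable` is used here as a stand-in for Konqueror's "Only accept cookies from originating server" option.

```python
# Added illustration: models the thread's two behaviours with Python's stdlib
# cookie jar. Not kcookiejar code. No network traffic is generated.
from email.message import Message
from http.cookiejar import CookieJar, DefaultCookiePolicy
from urllib.request import Request

class FakeResponse:
    """Constructed stand-in for an HTTP response carrying one Set-Cookie."""
    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie
    def info(self):
        return self._headers

def _request(url, top_level_host):
    # A framed load is "unverifiable": the user typed top_level_host, not url.
    framed = top_level_host is not None
    return Request(url, origin_req_host=top_level_host, unverifiable=framed)

def login(jar, url, set_cookie, top_level_host=None):
    """Offer the login response's cookie to the jar; policy may refuse it."""
    jar.extract_cookies(FakeResponse(set_cookie), _request(url, top_level_host))

def cookie_sent(jar, url, top_level_host=None):
    """Return the Cookie header the jar would attach to a request for url."""
    req = _request(url, top_level_host)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")

def secure_flag_demo():
    """Comment #11: same host, but the Secure cookie only goes over https."""
    jar = CookieJar()
    login(jar, "https://bugs.kde.org/", "session=constructed; Path=/; Secure")
    return (cookie_sent(jar, "https://bugs.kde.org/show_bug.cgi?id=84232"),
            cookie_sent(jar, "http://bugs.kde.org/show_bug.cgi?id=84232"))

def framed_login_demo(block_third_party):
    """Comment #8: login inside a frame hosted by a different domain."""
    policy = DefaultCookiePolicy(strict_ns_unverifiable=block_third_party)
    jar = CookieJar(policy)
    login(jar, "http://khazaddum.no-ip.com/", "session=constructed; Path=/",
          top_level_host="lakamarilla.org")
    return cookie_sent(jar, "http://khazaddum.no-ip.com/",
                       top_level_host="lakamarilla.org")

if __name__ == "__main__":
    print("secure flag (https, http):", secure_flag_demo())
    print("framed login, permissive: ", framed_login_demo(False))
    print("framed login, blocking:   ", framed_login_demo(True))
```

With blocking enabled the session cookie is never stored, which is why the framed page keeps showing the "log in" link.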
KDE 3 is no longer maintained. However, for resolution to the problems reported here, see comment #8 and comment #11. Also, the test scenario given in comment #1 works just fine here in KDE 4.8.3. Feel free to reopen this ticket if that is not the case for you.