Bug 191318

Summary: all cookies are treated as session cookies independed of settings
Product: [Applications] konqueror Reporter: Mathias Homann <Mathias.Homann>
Component: kcookiejarAssignee: David Faure <faure>
Status: RESOLVED FIXED    
Severity: normal CC: adawit, claudiu, d.scheftelowitsch, phep-lists, vdboor
Priority: NOR    
Version: 4.2.2   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Mathias Homann 2009-05-02 09:46:04 UTC
Version:            (using KDE 4.2.2)
OS:                Linux
Installed from:    SuSE RPMs

when i log in on a website that has a "remember me" field (like a forum or similar), I select "remember me". Next time i go to that site, i still have to log in. I've disabled "treat all cookies as session cookies" in conqueror settings, and "accept all cookies" is switched on.
Comment 1 Mathias Homann 2009-05-04 21:30:52 UTC
seems that under certain conditions cookies don't work at all, i cannot sign in to deutsche bank online banking, with the error message from the site "Your browser does not accept cookies".
Comment 2 Dimitri Scheftelowitsch 2009-05-09 14:15:21 UTC
I am able to reproduce this bug on openSUSE 11.1 / KDE 4.2.2 / Qt 4.5.1+4.5.2 20090506 snapshot (from openSUSE repository). It also looks like (after some testing) that the Arora browser (Which should be KDE independent) and the Qt demo browser are affected in a similar way and do not accept cookies from some websites. Thus, I suppose that this bug could be Qt-specific.

See also the Qt tracker entry #229874 http://www.qtsoftware.com/developer/task-tracker/index_html?method=entry&id=228974
Comment 3 Dimitri Scheftelowitsch 2009-05-09 14:56:28 UTC
(In reply to comment #2)
The Qt bug seems fixed as of the 20090508 snapshot. At least the Qt demo browser behaves properly now.
Comment 4 Patrice Pillot 2009-06-17 14:24:09 UTC
I confirm this bug in konqueror on Debian testing / KDE 4.2.2 / Qt 4.5.1 .

Please note that this bug is present in konqueror (even with a freshly created account) _BUT_ it is not present in the QtDemo browser (this one behaves normally) hence this does not seem to be related to Qt.

More precisely and this surely indicates the source of the bug, I noticed that the cookies are all marked by konqueror as expiring at the end of the session (when visiting settings->...->cookies) while those cookies that are sent by the web apps have an expiration date set in the past. 

This is the contents of my kcookiejarrc:
[$Version]
update_info=kcookiescfg.upd:kde2.2/b1,kcookiescfg.upd:kde3.1/cvs

[Cookie Dialog]
PreferredPolicy=1
ShowCookieDetails=true

[Cookie Policy]
AcceptSessionCookies=true
CookieDomainAdvice=.kde.org:Accept
CookieGlobalAdvice=Accept
Cookies=true
IgnoreExpirationDate=false
RejectCrossDomainCookies=false

By the way, although this might only be a transient artifact, while I tried different tricks to make it work, I once noticed a message telling about a "cookie engine not running" (translated, and out of memory).

If telled the name of the process I could check this.

HTH
Comment 5 Mathias Homann 2009-08-27 11:11:27 UTC
this bug still exists in konqueror 4.3.00. how about someone actually looks at it.
cookies not working properly = browser unusable.
Comment 6 Patrice Pillot 2009-11-08 20:41:30 UTC
Under 4.3.1 this bug does not show anymore.

Merci David !
Comment 7 David Faure 2009-11-09 16:15:43 UTC
I'm a bit confused because I'm not sure which fix would have fixed this.

All the confusion about domains starting with a dot was in the cookies configuration module (which uses fromAce/toAce), not in the cookie handling itself (kcookiejar).
There was also bug 190394, but that one is only for "localhost", while in this report you're talking about any website, right?

Anyway; glad to hear it works, but waiting for confirmation from others before closing.
Comment 8 Claudiu Cismaru 2009-11-17 22:39:28 UTC
Confirm this bug for Konqueror/KDE 4.3.3 on site: http://www.tvtorrents.com

The KDE system is from openSUSE repository, running openSUSE 11.2.
Comment 9 Dawit Alemayehu 2009-12-15 20:27:26 UTC
Can anyone use another browser and check the expiration date for cookies left behind when you elect to have the website "remember your login" ? If the expiration date is beyond 2038, then the bug reported here is as a result Y2K38 problem that was recently fixed.

See http://websvn.kde.org/?view=revision&revision=1062414
Comment 10 Claudiu Cismaru 2009-12-16 09:04:07 UTC
Yes. Seems that the cookie tvtorrents.com set to remember login has year in 2077 (in firefox). In konqueror is not present at all, after select "remember login", just the session id cookie (in FF there is an additional cookie with variable named "login".
Comment 11 Dawit Alemayehu 2009-12-17 10:07:38 UTC
Great. Then this particular issue is fixed in both KDE 4.4 and the KDE 4.3 branch. For reference here is the link to the patch applied to address the problem:

http://lists.kde.org/?l=kde-core-devel&m=126071469307860&w=2

Leaving the ticket open until other related cookie expiration date related bugs are resolved....
Comment 12 Dawit Alemayehu 2009-12-18 23:14:32 UTC
SVN commit 1063612 by adawit:

- Fixed parsing of cookie expiration dates. This resolves the problem of 
  non-session cookies being treated as session ones. 
- Fixed problems with the recent Y2K38 fix.

CCBUG: 145244 
CCBUG: 176731
CCBUG: 187792
CCBUG: 191318



 M  +36 -40    kcookiejar.cpp  
 M  +5 -1      kcookiejar.h  
 M  +9 -4      tests/cookie.test  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1063612
Comment 13 Dawit Alemayehu 2010-08-18 09:52:17 UTC
See commit in comment #12
Comment 14 Dawit Alemayehu 2010-09-18 06:00:38 UTC
*** Bug 192749 has been marked as a duplicate of this bug. ***