Firefox (Windows 7) v26 not setting cookie in a 302 redirect, other browsers do
I am using Firefox v26 for Windows. My OS is Windows 7. I am using a SAML security mechanism for my application. I am creating a cookie in the SSO web application as follows:
    Cookie cookie = new Cookie(ACCESS_TOKEN, "accessToken");
    cookie.setPath("/");
    cookie.setDomain(".domain");
After creating the cookie in SSO, I am redirecting to my application. Firefox is not setting this cookie; Chrome, IE, and Safari are setting the cookie. SSO and my application are hosted on different servers, but the ".domain" part is common to both DNS.
All Replies (5)
I don't have easy access to an ASP.Net server for testing. Does your Firefox work in an Apache/PHP scenario?
Here's the destination page: https://jeffersonscher.com/res/jstest.php
If you load that and reload it, you should see that there are no cookies in the HTTP Request headers.
If you use the redirector page to access the destination page, you now should see a cookie when you reach the destination page: https://jeffersonscher.com/res/redirme.php
Does it work?
In case you have not confirmed, please open Firefox's web console (Ctrl+Shift+k) and open the redirect page again. Click the URL of the redirect page to confirm that Firefox is seeing the cookie as part of the response. (Screen shot example attached.)
I can see the cookie set in this case. Here the destination page https://jeffersonscher.com/res/jstest.php and the redirecting page https://jeffersonscher.com/res/redirme.php are of the same domain, jeffersonscher.com, but in my case it's like below:
destination page: 'a.b.domain'
redirecting page: 'x.y.domain'
I am creating a cookie in the redirecting page as in my first post. I am using Java/Tomcat. In all other browsers the cookie is getting set, but not in Firefox.
If you view the SET-COOKIE header in Fiddler or another proxy, can you confirm that you have the base domain set? For example, from this new page that redirects across subdomains on two different servers:
http://www.jeffersonscher.com/res/redir2.php
HTTP/1.1 302 Found
Date: Mon, 03 Feb 2014 03:28:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.3.24
Set-Cookie: redir2Cookie=OatmealRaisin; expires=Mon, 03-Feb-2014 03:38:42 GMT; path=/; domain=jeffersonscher.com
Location: http://dev.jeffersonscher.com/jstest.asp
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Yup, and to tell if it is a server or a browser issue, the 302 error will say found or not found. If it is found, then it redirected successfully in the browser. If it was not found, there is no response or it is a redirect loop.
I do not know if this is a browser or server issue, but to tell, the information will be in the response cookie.
Please check the cookie to make sure the Location is set in the redirect loop. What version of OpenSAML are you using?
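The cross-subdomain case discussed in this thread can be checked against the RFC 6265 scoping rules (Domain, Path, Secure) before blaming a particular browser. The following is an added example, not code from any participant in the thread: `checkRedirectCookie` and the tiny `PUBLIC_SUFFIXES` set are constructed here (real browsers consult the full Public Suffix List), and browser-specific policies beyond those three attributes are not modelled.

```javascript
// Constructed stand-in for the Public Suffix List that real browsers consult.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// RFC 6265 section 5.1.3: identical host, or a dot-bounded suffix of a non-IP host.
function domainMatch(host, domain) {
  if (host === domain) return true;
  const isIp = /^\d+(\.\d+){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// RFC 6265 section 5.1.4: cookie path must be a "/"-bounded prefix of the request path.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  return reqPath.startsWith(cookiePath) &&
    (cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/");
}

// Split one Set-Cookie value into lower-cased attribute names and their values.
function parseAttrs(setCookie) {
  const attrs = {};
  for (const part of setCookie.split(";").slice(1)) {
    const [k, ...v] = part.trim().split("=");
    attrs[k.toLowerCase()] = v.join("=");
  }
  return attrs;
}

// Would a cookie set on the 302 response be stored, then sent to the Location target?
function checkRedirectCookie(responseUrl, setCookie, location) {
  const from = new URL(responseUrl);
  const to = new URL(location, responseUrl); // Location may be relative
  const attrs = parseAttrs(setCookie);
  // A leading dot in Domain is ignored (section 5.2.3).
  let domain = (attrs.domain || "").toLowerCase().replace(/^\./, "");
  if (PUBLIC_SUFFIXES.has(domain)) {
    if (domain !== from.hostname) return { stored: false, sent: false, why: "Domain is a public suffix" };
    domain = ""; // same as the setting host: fall back to a host-only cookie
  }
  if (domain && !domainMatch(from.hostname, domain))
    return { stored: false, sent: false, why: "Domain does not cover the setting host" };
  const hostOk = domain ? domainMatch(to.hostname, domain) : to.hostname === from.hostname;
  if (!hostOk) return { stored: true, sent: false, why: "target host outside cookie scope" };
  if ("secure" in attrs && to.protocol !== "https:")
    return { stored: true, sent: false, why: "Secure cookie, non-HTTPS target" };
  const defaultPath = from.pathname.replace(/\/[^/]*$/, "") || "/";
  const path = (attrs.path || "").startsWith("/") ? attrs.path : defaultPath;
  if (!pathMatch(to.pathname, path)) return { stored: true, sent: false, why: "Path does not match" };
  return { stored: true, sent: true, why: "ok" };
}
```

Feeding it the Set-Cookie and Location values captured in Fiddler or the web console shows whether the header itself is in scope for the destination host; if it is, the difference lies in the browser's handling rather than in the cookie attributes.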