Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

64-bit browser is scrubbing out ltpatoken from cookie

  • 2 个回答
  • 1 人有此问题
  • 1 次查看
  • 最后回复者为 astuer

more options

when trying to login to a server configured for single sign-on, all works well using a 32-bit browser, the server responds with the ltpatoken and the browser correctly re-uses the received ltpatoken in it's next requests to the server. BUT when using a 64-bit browser, on the same workstation, connecting to the same server, the browser suddenly scrubbs out the ltpatoken from the cookie which breaks the flow and the user cannot open the web application as blocked on the login prompt.

Has anyone an idea what can cause this strange behavior. My browser settings are standard, I didn't change anything. But could it be that 64-bit has some strickter security setting which makes the browser think the ltpatoken in the cookie isn't correct ? we don't have the security bit set on the token, the domain accompanying the token is correct, so not sure what else to check as all works fine switching to 32-bit browser !

when trying to login to a server configured for single sign-on, all works well using a 32-bit browser, the server responds with the ltpatoken and the browser correctly re-uses the received ltpatoken in it's next requests to the server. BUT when using a 64-bit browser, on the same workstation, connecting to the same server, the browser suddenly scrubbs out the ltpatoken from the cookie which breaks the flow and the user cannot open the web application as blocked on the login prompt. Has anyone an idea what can cause this strange behavior. My browser settings are standard, I didn't change anything. But could it be that 64-bit has some strickter security setting which makes the browser think the ltpatoken in the cookie isn't correct ? we don't have the security bit set on the token, the domain accompanying the token is correct, so not sure what else to check as all works fine switching to 32-bit browser !

被采纳的解决方案

I finally found the cause of this issue. Security has been enforced on 64-bit browsers and additionally in Windows10. The following RFC 6265 was implemented (which isn't implemented in 32-bit browsers and not generally on windows7 workstations) which includes a check on the cookie attribute "Domain" against the public domain suffix list (https://publicsuffix.org/list/public_suffix_list.dat). I my case the token domain was included in this list which caused the browser to reject the cookie. After modifying the token dns domain to a value not included in the public domain list, the problem was solved !

定位到答案原位置 👍 0

所有回复 (2)

more options

astuer said

When using a 64-bit browser, on the same workstation, connecting to the same server, the browser suddenly scrubbs out the ltpatoken from the cookie which breaks the flow and the user cannot open the web application as blocked on the login prompt...

I'll guess at this. What about turning OFF Content Blocking or reducing the Blocking? (My settings, attached. Try other setups.)


~Pj

more options

选择的解决方案

I finally found the cause of this issue. Security has been enforced on 64-bit browsers and additionally in Windows10. The following RFC 6265 was implemented (which isn't implemented in 32-bit browsers and not generally on windows7 workstations) which includes a check on the cookie attribute "Domain" against the public domain suffix list (https://publicsuffix.org/list/public_suffix_list.dat). I my case the token domain was included in this list which caused the browser to reject the cookie. After modifying the token dns domain to a value not included in the public domain list, the problem was solved !