Bug 1405438
Summary: | Production cookies being sent to sub-domains | ||
---|---|---|---|
Product: | [Community] Bugzilla | Reporter: | Michael Simacek <msimacek> |
Component: | User Interface | Assignee: | PnT DevOps Devs <hss-ied-bugs> |
Status: | CLOSED NEXTRELEASE | QA Contact: | tools-bugs <tools-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.0 | CC: | huiwang, jmcdonal, mtyson, qgong, vkrizan, yijli |
Target Milestone: | 5.0 | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-01-19 04:45:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michael Simacek
2016-12-16 14:04:00 UTC
This is happening because the browser is using a login cookie that does not exist in the database. When the Bugzilla RPC interface goes to authenticate that cookie, an exception is thrown as the cookie does not exist.

Production bugzilla seems to have this same issue as well.

I suspect what is happening in this case is that because the beta site logincookie is gone (beta.bugzilla.redhat.com) the browser is falling back to the production cookie (bugzilla.redhat.com). This problem is probably coming about because of the confusion of domain names.

*** Bug 1409700 has been marked as a duplicate of this bug. ***

*** Bug 1411376 has been marked as a duplicate of this bug. ***

This is apparently all working as per the RFC.

http://erik.io/blog/2014/03/04/definitive-guide-to-cookie-domains/

It appears we should empty the domain in the production cookies and that will make it so browsers don't send the production cookies to sub-domains.

*** Bug 1406270 has been marked as a duplicate of this bug. ***

When we go to the public beta we will rename the server so it's not a sub-domain of production.
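The RFC behaviour the comments above refer to, as an added example that is not part of the bug report or of Bugzilla's code: a minimal model of the RFC 6265 storage and matching rules, showing that a cookie set with a `Domain` attribute is attached to requests for sub-domains while a host-only cookie is not. The cookie name `Bugzilla_logincookie` and the cookie values are assumptions; public-suffix checks are left out.

```javascript
// RFC 6265 section 5.1.3: does request host `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// RFC 6265 section 5.3: build the stored cookie from a Set-Cookie value.
// No Domain attribute (or an empty one) yields a host-only cookie.
function storeCookie(requestHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: requestHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.trim().toLowerCase() !== 'domain') continue;
    const d = val.trim().replace(/^\./, '').toLowerCase(); // leading dot ignored
    if (d === '') continue;                        // empty Domain is ignored
    if (!domainMatch(requestHost, d)) return null; // foreign domain: rejected
    cookie.domain = d;
    cookie.hostOnly = false;
  }
  return cookie;
}

// RFC 6265 section 5.4: is the stored cookie attached to a request for `host`?
function isSentTo(cookie, host) {
  host = host.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed Set-Cookie values as production might issue them (assumed name).
const WITH_DOMAIN = 'Bugzilla_logincookie=PROD-constructed; Domain=bugzilla.redhat.com; Path=/; Secure; HttpOnly';
const HOST_ONLY = 'Bugzilla_logincookie=PROD-constructed; Path=/; Secure; HttpOnly';

function demo() {
  const prod = 'bugzilla.redhat.com', beta = 'beta.bugzilla.redhat.com';
  const rows = {};
  for (const [label, header] of [['with Domain', WITH_DOMAIN], ['host-only', HOST_ONLY]]) {
    const c = storeCookie(prod, header);
    rows[label] = { prod: isSentTo(c, prod), beta: isSentTo(c, beta) };
  }
  return rows;
}

console.log(demo());
```

To check a live deployment, inspect the `Set-Cookie` response header for a `Domain=` attribute; its absence is what makes the cookie host-only.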