Description of problem: When I'm not logged in and go to advanced search, I can select a classification, but trying to select a product throws an error. How reproducible: always on https://beta.bugzilla.redhat.com/bugzilla/query.cgi Steps to Reproduce: 1. if logged in, log out 2. go to advanced search, select a classification (e.g. Fedora) 3. click into the product field Actual results: Error: The cookies or token provide were not valid or have expired. You may login again to get new cookies or a new token. Expected results: It should show a list of products without requiring auth.
This is happening because the browser is using a login cookie that does not exist in the database. When the Bugzilla RPC interface goes to authenticate that cookie, an exception is thrown as the cookie does not exist. Production bugzilla seems to have this same issue as well. I suspect what is happening in this case is that because the beta site logincookie is gone (beta.bugzilla.redhat.com) the browser is falling back to the production cookie (bugzilla.redhat.com) This problem is probably coming about because of the confusion of domain names.
*** Bug 1409700 has been marked as a duplicate of this bug. ***
*** Bug 1411376 has been marked as a duplicate of this bug. ***
This is apparently all working as per the RFC. http://erik.io/blog/2014/03/04/definitive-guide-to-cookie-domains/ It appears we should empty the domain in the production cookies and that will make it so browsers don't send the production cookies to sub-domains.
*** Bug 1406270 has been marked as a duplicate of this bug. ***
When we go to the public beta we will rename the server so it's not a sub-domain of production.