Topic: httpOnly bug in Firefox

I've found a bug with httpOnly in Firefox 2.
Oddly enough, this started to occur after I installed the httpOnly plugin (and continued after I uninstalled it).

Maybe this is a FF2 problem, or maybe this is a PunBB problem, I don't know, but I'd like to see this resolved.

I've tested it on a fresh install of 1.2.14 and can't login with FF2 while IE7 and Opera can =/

Only thing I've noticed as a difference between the cookie in Firefox and Opera is this:
Opera cookie name:

punbb_cookie

FF2 cookie name (even with the httpOnly plugin uninstalled):

"hO_punbb_cookie

Re: httpOnly bug in Firefox

hO_ is added by the plugin, so it's probably a problem with that. Why it keeps doing that after you uninstalled it, is a mystery tongue

Re: httpOnly bug in Firefox

Heh. I reinstalled it and then uninstalled it again... and now it works =/ (and the cookie name is punbb_cookie again)

But I think the problem I had logging in was because the cookie name changed and PunBB didn't recognise it.

Re: httpOnly bug in Firefox

elbekko wrote:

But I think the problem I had logging in was because the cookie name changed and PunBB didn't recognise it.

Yeah, and it's not supposed to either.

Re: httpOnly bug in Firefox

There's something about this in the comments for Stefans blog post announcing the httpOnly extension:

http://blog.php-security.org/archives/4 … x-2.0.html

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: httpOnly bug in Firefox

Moved to Troubleshooting, since this appears to not be a PunBB bug

Re: httpOnly bug in Firefox

But a damn good thread. I just got the same issue (I couldn't disconnect from my board, so I erase the PunBB cookie to go bug hunt, and I found the "hO_ thing). Without it I would never thought of the httponly addon.

The addon is gone, all is fine.