Opened 5 years ago

Last modified 3 years ago

#9216 assigned defect

Can't log in to www.autosport.com from TorBrowser

Reported by: msfc Owned by: mikeperry
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability-website
Cc: g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When I complete the login fields on the frontpage at www.autosport.com and click login, the page refreshes and looks exactly as before, still requesting a login.

The reasons I think this is a TorBrowser bug are:

  • I can log in from Orweb/Orbot on Android after enabling all cookies. (I enabled all cookies because Orweb's whitelist has issues). -- This rules out the site attempting to block Tor and problems

relate to use of plug-ins like flash.

  • If, after the login attempt, I view the cookies in TorBrowser I can see all the cookies set by autosport.com, storing my correct account information.

It seems as if for some reason this site's scripts are unable to read the site's stored cookies so it acts as if not logged in.

I tried the latest TorBrowser 3.0 alpha 2 and the bug persists there. I am running on OSX 10.7.5.

Child Tickets

Change History (13)

comment:1 Changed 5 years ago by mttp

Component: - Select a componentTor bundles/installation
Owner: set to mikeperry
Status: newassigned

comment:2 Changed 5 years ago by mikeperry

Component: Tor bundles/installationFirefox Patch Issues
Keywords: tbb-usability-website added

comment:3 Changed 5 years ago by gk

Cc: g.koppen@… added

comment:4 Changed 4 years ago by erinn

Keywords: tbb-firefox-patch added

comment:5 Changed 4 years ago by erinn

Component: Firefox Patch IssuesTor Browser

comment:6 Changed 3 years ago by bugzilla

Severity: Normal

TS, how does it work with the current version?

comment:7 Changed 3 years ago by cypherpunks

Keywords: tbb-firefox-patch removed

comment:8 in reply to:  6 Changed 3 years ago by msfc

Replying to bugzilla:

TS, how does it work with the current version?

Still broken even if I turn off private browsing and set Tor to remember all history.

It's definitely related to TorBrowser not Tor as I can login from Firefox on Android when using Tor as a VPN and can also log in from Orweb.

comment:9 Changed 3 years ago by cypherpunks

It's definitely related to TorBrowser not Tor as I can login from Firefox on Android when using Tor as a VPN and can also log in from Orweb.

Can you test it for modified pref noscript.secureCookies, if to set pref to false?

comment:10 in reply to:  9 Changed 3 years ago by msfc

Replying to cypherpunks:

Can you test it for modified pref noscript.secureCookies, if to set pref to false?

That did the trick. With that pref set to false, (a) the site's frame asking for permission to use cookies was displayed (it's a European site) and (b) I was able to log in.

What does this preference do?

comment:11 Changed 3 years ago by cypherpunks

What does this preference do?

https://noscript.net/faq#qa6_4

Alas, some sites to be badly broken to use this feature.

See #13330, #13332, and probably some another tickets with similar problems.

comment:12 Changed 3 years ago by cypherpunks

broken to use this feature.

btw, NoScript implements some workarounds for such sites, that possible non-works in Tor Browser.

comment:13 Changed 3 years ago by msfc

Thank you for the information. The default for noscript.secureCookies is different in the standard NoScript (false) vs. that in TorBrowser (true) which is why I never had this problem in Firefox. Adding a line in NoScript Options|Advanced|HTTPS|Cookies|Ignore unsafe cookies as directed in the link you provided also fixes this problem.

I will contact the web site to let them know about their insecure use of cookies.

Note: See TracTickets for help on using tickets.