Stopped posting cookies

tultalk has asked for the wisdom of the Perl Monks concerning the following question:

Up until tuesday this week this code in script was posting cookies to firefox.

sub SetUserSessionCookie
{    
        my $printresult = "";
        my ($sname,$sid) = @_;
    #use CGI qw/:standard/;
    #use CGI::Cookie;
    warn("In set cookie: '$sname'   '$sid'");
    my $sessioncookie = new CGI::Cookie(-name=>$sname,-value=>$sid,-ex
+pires=>$session_cookie_timeout,-path=>'/',-domain=>$domain,-secure=>1
+);
    warn("session cookie: '$sessioncookie'");
    $printresult = print header(-Cookie=>[$sessioncookie],-type=>"text
+/html");
    warn("printresult: '$printresult'");
}
[download]

I had been testing program and the cookie was posted at least 100 time

On Tuesday afternoon it quit posting cookies in FF

It still posts cookies in Chrome and Blue Moon but will not work in Firefox

I checked all settings in FF, deletec all cookies and cache several times, shut down and restarted FF and computer and finally reinstalled the latest version and did a search on internet thinking a FF upgrade is the culprit. No such luck.

The warns show correct information. And: printresult: '1' at /home/jalamior/www/httpsdocs/cgi-bin/lib/perl/manageusers.pm line 687.

Of course I assume 1 = true = success.

Thanks and best regards

Comment on Stopped posting cookies Download Code

Replies are listed 'Best First'.
Re: Stopped posting cookies by huck (Prior) on Mar 30, 2017 at 12:15 UTC
open a new firefox window, click on tools->web developer->network now go to your address. In the network section below you should see lines like status/200 method/get, click on the top line, it should refer to your page in the file column. This should now change the bottom section and on the right you will find a tab called cookies, click on it. see what the response cookies looks like. maybe that will give you a clue	[reply]
Re^2: Stopped posting cookies by tultalk (Monk) on Mar 30, 2017 at 13:13 UTC
I did as you suggested (the cookie returns from a POST not a GET) and the cookie did indeed show and had an expiration 7 days hence. I checked FF \| Tools\|Options\|Privacy\|Cookies and it showed no cookie under the correct name. When I close the page and open a new one is shows that I am not logged in. Before it went kaput, it showed logged in until the cookie expired. As I stated before it works fine under Chrome and Blue Moon Thanks.	[reply]
Re^3: Stopped posting cookies by huck (Prior) on Mar 30, 2017 at 13:42 UTC
tools->options->privacy "Always use private browsing mode" isnt checked is it? what about "accept cookies from sites" you wouldnt be in a private mode browser would you? look for funny looking ??glasses?? in a purple box somewhere in the header. do a ctrl-T, is the background purple?	[reply]
Re^4: Stopped posting cookies by tultalk (Monk) on Mar 30, 2017 at 13:56 UTC
Re: Stopped posting cookies by huck (Prior) on Mar 30, 2017 at 14:19 UTC
-secure=>1 https://www.theregister.co.uk/2017/03/08/firefox_52/ To that end Firefox 52 also supports the “Strict Secure Cookies” specification. That effort prevents HTTP-only sites from delivering cookies with the “secure”attribute. That attribute denotes the cookie should only be transported over encrypted link, but it is still possible to access such cookies over HTTP under some circumstances. Adopting the new spec will mean cookies marked “secure” can only be touched by HTTPS servers.	[reply]
Re^2: Stopped posting cookies by tultalk (Monk) on Mar 30, 2017 at 18:21 UTC
In the network section below you should see lines like status/200 method/get, click on the top line, it should refer to your page in the file column. This should now change the bottom section and on the right you will find a tab called cookies, click on it. see what the response cookies looks like. maybe that will give you a clue This is very interesting. As I said I followed above directions and the cookie was there but not visible in the options tab of FF. Yet according to this "To that end Firefox 52 also supports the “Strict Secure Cookies” specification. That effort prevents HTTP-only sites from delivering cookies with the “secure”attribute. " it should not be there at all. But this is not an http only site	[reply]
Re^3: Stopped posting cookies by huck (Prior) on Mar 31, 2017 at 02:15 UTC
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie Note: Insecure sites (http:) can't set cookies with the "secure" directive anymore (new in Chrome 52+ and Firefox 52+). take ,-secure=1 off, see if it works. if it starts working then "things" are not as you think they are. It could be a "non-secure" certificate or some part is running in http rather than https.	[reply]
Re^3: Stopped posting cookies by tultalk (Monk) on Mar 30, 2017 at 20:00 UTC
Cookie does not show in bugzilla???	[reply]
Re^4: Stopped posting cookies by tultalk (Monk) on Mar 31, 2017 at 11:42 UTC
Re^5: Stopped posting cookies by poj (Abbot) on Mar 31, 2017 at 11:49 UTC
Re^4: Stopped posting cookies by tultalk (Monk) on Mar 31, 2017 at 02:04 UTC
Re^5: Stopped posting cookies by Anonymous Monk on Mar 31, 2017 at 02:09 UTC
Re: Stopped posting cookies by poj (Abbot) on Mar 30, 2017 at 12:12 UTC
Does the cookie test program I wrote for you here work ? poj	[reply]
Re^2: Stopped posting cookies by tultalk (Monk) on Mar 30, 2017 at 13:38 UTC
All I get is 500 internal server error.	[reply]
Re^3: Stopped posting cookies by haukex (Archbishop) on Mar 30, 2017 at 13:42 UTC
All I get is 500 internal server error. See the CGI Help Guide and Troubleshooting Perl CGI scripts. You could also just try adding `use CGI::Carp qw/fatalsToBrowser/;` at the top of the script.	[reply] [d/l]
Re^3: Stopped posting cookies by poj (Abbot) on Mar 30, 2017 at 13:52 UTC
Do you have access to the web server error log ?	[reply]
Re^4: Stopped posting cookies by tultalk (Monk) on Mar 30, 2017 at 14:01 UTC