Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 572098

Summary: Constantly logged out of bugzilla under Firefox
Product: Community Reporter: Pierre-Charles David <pierre-charles.david>
Component: BugzillaAssignee: Eclipse Webmaster <webmaster>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: P3 CC: denis.roy, sw
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Whiteboard:

Description Pierre-Charles David CLA 2021-03-19 06:01:35 EDT 
Steps to reproduce:
1. Firefox 86.0 on Ubuntu 20.10. I have disabled all my extensions (except Bitwarden to manage my password). 
2. Go to a bugzilla issue, e.g. https://bugs.eclipse.org/bugs/show_bug.cgi?id=572092. I'm initialy logget out.
3. Click on "Allow Cookies" in the footer (for the ~30th time today).
4. Click on the "Log in" link in the bugzilla header, fill id/pwd, click on "Log in".
5. I'm logged in. Yeah!
6. Click on the bug link in the title, "Bug 572092".
7. The page reload but I am no longer logged in...

This has been happening for a while, but it's getting worse. Today I can not stay logged in for more than a few minutes, at best.

Just to enter this ticket I had to re log-in about 5 times.

I also get JSON-RPC errors in the browser's console:

code: 307
​
message: "The token '[HIDDEND]' is not valid. It could be because you loaded this page more than 3 days ago."
​
name: "JSONRPCError"
Comment 1 Pierre-Charles David CLA 2021-03-19 06:04:28 EDT 
I initialy thought this was related to some of the security-related extensions I have installed (uBlock0, NoScript, Cookie AutoDelete, etc.), but I can reproduce with all of them disabled.

Note that I also get the same kind of "cookie stability" issues on other Eclipse website, e.g. Gerrit and PMI, but bugzilla is the worst.

I do not experience any of this outside of eclipse.org websites.
Comment 2 Pierre-Charles David CLA 2021-03-19 06:10:47 EDT 
Here are some cookie-related error messages I see when trying to use bugzilla: https://imgur.com/a/dHV34F1

I can not attach them, because attaching a file requires a multi-step interaction with bugzilla and I am logged out at every step...

They're in french, sorry, but they're about apparently invalid usage of the "SameSite" attribute and the jsonrpc one tells me the cookie in question will soon be rejected.

Sometimes right after logging in I get "Le cookie « Bugzilla_login_request_cookie » a été rejeté car il a déjà expiré.", i.e. the cookie was rejected because it has already expired.
Comment 3 Pierre-Charles David CLA 2021-03-19 09:18:51 EDT 
Possibly related, every time I try to log in Gerrit, it seems to work at first (I see my avatar in the top-right corner), but get the following error: https://imgur.com/a/tb3TGyt

And then every interaction reveals that I am not actually logged in.

It's not just me or Linux, a colleague also sees this under Windows (FF too).

I'd like not to be forced to use Chrome/Chromium to work with Eclipse...
Comment 4 Pierre-Charles David CLA 2021-04-09 09:17:06 EDT 
I have not updated my Firefox, not changed any of its extensions or config, but the issue seems gone.
Comment 5 Denis Roy CLA 2021-04-09 10:52:38 EDT 
Lucky you, I still get logged out regularly.
Comment 6 Pierre-Charles David CLA 2021-04-12 05:01:04 EDT 
(In reply to Denis Roy from comment #5)
> Lucky you, I still get logged out regularly.

FWIW, at the time it was unusable for me I tried with a new Firefox profile ("firefox -P") with none of my extensions or configurations and did not have the issue.
I was in the process of reintroducing the extensions I use one by one to try and identify the culprit (it seems to be none of: Bitwarden, DDG Privacy Essentials, Privacy Badger or HTTPS Everywhere, at least in their default configs), but the issue is now gone for me even in my "fully loaded and customized" profile.