X-notifier hijacking cookies from other domains?
I noticed a lot of cookies suddenly vanishing from firebugs cookie view while testing scripts on a domain. After investigating, I found out that the problem stopped after disabling X-notifier.
After looking in firefox's own cookie panel, and searching for the domain I was setting cookies on, I could see that the cookies I set, had a string appended to the domain in the form of [xn#gmail#MY-EMAIL#2]. I guess that this is the reason they are not showing up in firebugs cookie panel.
It seems like a critical bug!
I will try to see if I can find a solid way to reproduce the problem, and post it.
I am currently using Cyberfox 21 and firebug 1.12.0a7. But I have experienced the problem in other versions of firefox and firebug.
Moriarty
Sun, 06/02/2013 - 19:15
Permalink
Related post
I found this post which seems to be related.
Strange cookies: http://xnotifier.tobwithu.com/dp/node/197
"It is normal. One is for background mail checking. #2 is used for opened tab."
Even if it's normal, it seems be causing some problems. Especially when it is meddling with unrelated cookies (ie cookies having nothing to do with mail accounts). In my case, it seems like it is overwriting the original cookie, when searching in firefox own cookie panel, as the cookie without the appended xn-string doesn't appear. But calling document.cookie in the firebug console in the tab with the domain, I can see the cookie I set in the cookiestring.
Moriarty
Sun, 06/02/2013 - 21:19
Permalink
Possible workaround
It seems I resolved the issue by changing the below hidden option to false:
"extensions.xnotifier.saveCookies : true
save X-notifier's cookies to Firefox's cookie manager"
I don't know what this option does, i.e. what functionality I'm limiting by setting the value to false. But it seems I no longer have issues with cookies not showing up because they are getting the xn-string appended.
tobwithu
Sun, 06/02/2013 - 21:48
Permalink
extensions.xnotifier
extensions.xnotifier.saveCookies
When it is set to 'true', X-notifier's cookies are saved in Firefox's cookie manager.
When it is set to 'false', X-notifier's cookies are not saved. They are on memories while Firefox is running.
Moriarty
Sun, 06/02/2013 - 22:53
Permalink
Thank you for the elaboration
Thank you for the elaboration. Setting it to false is definitely the way to go then.
... However, it still seems like there is a bug when set to true.
Still, thanks for a great addon.
supercereal
Fri, 06/07/2013 - 03:49
Permalink
More clues
Thank you for this, Moriarty and tobwithu. Since I installed X-notifier a few days ago, random domains would 'forget' my credentials, forcing me to login again. I disabled X-notifier when I realized it was causing the problem.
After seeing your thread I did a bit of testing, and found that X-notifier hijacks the cookies related to whatever other site tabs are open at the time I click the X-notifier icon to view my mail. That is, if I have linkedin.com, google.com and tobwithu.com tabs open, then click the X-notifier toolbar icon to view my mail, duplicate cookies will be written for those open tabs:
.mail.yahoo.com
.mail.yahoo.com[xn#yahoo#yourname%40yahoo.com#2]
.linkedin.com
.linkedin.com[xn#yahoo#yourname%40yahoo.com#2]
.google.com
.google.com[xn#yahoo#yourname%40yahoo.com#2]
.xnotifier.tobwithu.com
.xnotifier.tobwithu.com[xn#yahoo#yourname%40yahoo.com#2]
So, for now I have toggled off extensions.xnotifier.saveCookies, and all is well.
I add my thanks too, tobwithu, for such a wonderful extension!
supercereal
Fri, 06/07/2013 - 10:17
Permalink
correction
I spoke too soon.
Though I toggled extensions.xnotifier.saveCookies to false, the problem persists.
Clicking X-notifier causes other open tabs' cookies to not work. Closing then opening Firefox fixes the problem.
I am guessing it is affecting the cookies in memory?
CFBancroft
Fri, 06/07/2013 - 11:28
Permalink
Question for Tobwithu...
What Benfit saved cookie on 'Firefox's cookie manager'?
What Benfit not saved cookie, but 'on memories while Firefox is running'?
I would like for you to explain a bit more for X-N user and include me,
So that they will understand what your purpose regard to cookie handles.
Thanks, CFBancroft
tobwithu
Sat, 06/08/2013 - 15:58
Permalink
Saving cookie on 'Firefox's
Saving cookie on 'Firefox's cookie manager
- When you restart firefox, X-notifier uses those cookies. It means that X-notifier can access webmails quickly without login.
Not saving cookie on 'Firefox's cookie manager
- Prevent cookie related problems with other program.
tobwithu
Sat, 06/08/2013 - 16:01
Permalink
@Moriarty
@Moriarty
I'm not sure what is your problem exactly.
However, it seems that it is related to the session manager in X-notifier.
http://xnotifier.tobwithu.com/dp/node/5
solstyce9
Fri, 12/06/2013 - 01:35
Permalink
Scary
I'm having the same problem, two different computers. It took a lot of enabling and disabling before I narrowed it down to X-Notifier.
I'm extremely sensitive to cookie misbehavior and was thinking an extension was stealing my authentication cookies.
I'll try disabling this preference to see if it helps, but if not, I'm going to have to uninstall X-notifier. It's more important that my authentication cookies work correctly than I receive new mail notifications from my webmail accounts.