Issues with IE9?

CellarTracker Main Site

Issues with IE9?

View related threads: (in this forum | in all forums)

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> [Cellar Talk] >> CellarTracker Support >> Issues with IE9?

Page: [1]

Message

<< Older Topic Newer Topic >>

Issues with IE9? - 11/8/2011 5:27:37 PM

Ed Luvr

Posts: 9
Joined: 2/24/2010
From: Connecticut
Status: offline

Not sure how this started but I suddenly cannot connect using IE9. I can go to the site but it continually reloads and cannot be viewed. I am successful in viewing with Firefox. I've tried to search for spyware and viruses but have found nothing. Anyone have similar issues?

_____________________________

Ed

Post #: 1

RE: Issues with IE9? - 11/8/2011 6:02:10 PM

Eric

Posts: 17314
Joined: 10/10/2003
From: Seattle, WA
Status: offline

Please see: https://www.cellartracker.com/forum/tm.asp?m=169429

I would really, really love to know the complete contents of your IE cookies as detailed in the other thread.

_____________________________

Cheers!
-Eric LeVine

http://twitter.com/cellartracker
http://facebook.com/cellartracker

(in reply to Ed Luvr)

Post #: 2

RE: Issues with IE9? - 11/9/2011 7:58:54 AM

Eric

Posts: 17314
Joined: 10/10/2003
From: Seattle, WA
Status: offline

Ed gave me the information I needed to know to understand what is going on. It actually jibes with what some earlier folks told me, but I thought they were reversing the SSL and non-SSL data. Alas, we are indeed hitting an IE bug with cookie handling and a truly bizarre one at that. I don't really know how to reproduce it, bit I am going to see if I can. Also, knowing the nature of the buggy state, I think I should be able to guard against it.

The technical explanation:

CellarTracker write two "authentication" cookies, User and PWHash. It sets a "secure" flag on these cookies, so that they cannot be seen if a user is not browsing via SSL.
However, if a logged-in user clicks on a link to a non-HTTPS page, it has no way of knowing that the user should be logged in. So by default you would just be a guest even if the computer has valid authentication cookies (since they cannot be seen on the non-SSL page). So CellarTracker writes a third cookie "SSLAuth" and makes sure it is NOT marked as secure.
Thus when you go to an HTTP page, if SSLAuth=TRUE then it redirects to SSL. However when trying to login on the SSL page, if there are no valid User and PWHash cookies the it clears the SSLAuth cookie and sends you back to HTTP.

All should work. However, in Ed's case he had an SSLAuth cookie and nothing else. To make things MORE strange, the SSLAuth cookie cannot be see when browsing on an SSL page, only when on the insecure page. The thing is, there is no such thing as cookie that does this. Either a cookie is only visible on HTTPS OR it is visible for HTTP and HTTPS. There is no such thing as a cookie that only appears on HTTP.

So now that I know at least what sort of sickness IE has, the question is how do I break the loop? I have a number of ideas that I will try to today, but it's tough to break the loop without understanding what will and will not work on IE and the true nature of the IE bug and how to make it reproduce.

Uggh. Why, why, WHY is it always IE that makes things difficult?

_____________________________

Cheers!
-Eric LeVine

http://twitter.com/cellartracker
http://facebook.com/cellartracker

(in reply to Eric)

Post #: 3

RE: Issues with IE9? - 11/9/2011 8:32:12 AM

Ed Luvr

Posts: 9
Joined: 2/24/2010
From: Connecticut
Status: offline

Thanks Eric!

Its funny that I've never seen that happen before, and why only on the CT site?

Strange!!

_____________________________

Ed

(in reply to Eric)

Post #: 4

RE: Issues with IE9? - 11/9/2011 8:43:17 AM

Eric

Posts: 17314
Joined: 10/10/2003
From: Seattle, WA
Status: offline

This SSL dance is brand new for CT as of 10/27. Most sites do not perform best practice and use all insecure cookies.

_____________________________

Cheers!
-Eric LeVine

http://twitter.com/cellartracker
http://facebook.com/cellartracker

(in reply to Ed Luvr)

Post #: 5

RE: Issues with IE9? - 11/9/2011 8:46:22 AM

Ed Luvr

Posts: 9
Joined: 2/24/2010
From: Connecticut
Status: offline

That makes sense, because that is about when I noticed it started. Thanks for your help.

_____________________________

Ed

(in reply to Eric)

Post #: 6

RE: Issues with IE9? - 11/9/2011 9:55:17 AM

Eric

Posts: 17314
Joined: 10/10/2003
From: Seattle, WA
Status: offline

I just spent an hour trying to get IE9 to corrupt my cookies, and I couldn't do it. I did make a very small, targeted change to break the SSL redirect loop. If anyone was hitting this and has not cleared cookies, I would be very curious if the problem has now gone away. (I don't fully expect that it will, since I can't replicate the buggy behavior and don't know just how hosed IE is in these situations.)

_____________________________

Cheers!
-Eric LeVine

http://twitter.com/cellartracker
http://facebook.com/cellartracker

(in reply to Ed Luvr)

Post #: 7

RE: Issues with IE9? - 11/12/2011 11:17:21 AM

Eric

Posts: 17314
Joined: 10/10/2003
From: Seattle, WA
Status: offline

I wonder, did my latest fix finally crack this nut? I haven't heard of any issues in a few days. Fingers crossed...

_____________________________

Cheers!
-Eric LeVine

http://twitter.com/cellartracker
http://facebook.com/cellartracker

(in reply to Eric)

Post #: 8