Firebug 2.0.17: Why does cookies panel show different attributes for cookies to the network panel
136 views
Skip to first unread message
Peter Row
Jul 5, 2016, 6:36:02 AM7/5/16
to Firebug
Hi everyone,
I'm using a combination of jquery.cookies.js and server set cookies (ASP.NET MVC).
For both the jQuery plugin and server side I am setting the default for HttpSecure on cookies to true, i.e. all cookies can only be sent over HTTPS.
Running my site from localhost I check the cookies panel in FireBug from the home page, no cookies present, great this is expected.
I then use the site and a couple of cookies get set some via JS some via server.
My confusion...
On the network panel if I look at the GET request for the page and switch to the cookies for that request it lists the cookies but the secure column is blank.
If I switch to the cookies panel (i.e. the overall global for site) then it again lists the same cookies but this time in the secure column it shows true in all cases - as I would expect.
The cookies are created both on JS and server side with the secure attribute set to true so they never existed without it set so why does firebug display this differently?
Regards,
Peter
I'm using a combination of jquery.cookies.js and server set cookies (ASP.NET MVC).
For both the jQuery plugin and server side I am setting the default for HttpSecure on cookies to true, i.e. all cookies can only be sent over HTTPS.
Running my site from localhost I check the cookies panel in FireBug from the home page, no cookies present, great this is expected.
I then use the site and a couple of cookies get set some via JS some via server.
My confusion...
On the network panel if I look at the GET request for the page and switch to the cookies for that request it lists the cookies but the secure column is blank.
If I switch to the cookies panel (i.e. the overall global for site) then it again lists the same cookies but this time in the secure column it shows true in all cases - as I would expect.
The cookies are created both on JS and server side with the secure attribute set to true so they never existed without it set so why does firebug display this differently?
Regards,
Peter
Sebastian Zartner
Jul 6, 2016, 1:54:38 AM7/6/16
to Firebug
The Net panel only displays the data that is sent over the wire, i.e. within the Cookie and Set-Cookie headers. For sent cookies this is just the name and the value of the cookie. Therefore the other columns (Domain, Path, Expires, Max. Age, HttpOnly and Security) should actually be removed as requested in issue #5698. For received cookies you'll see the columns filled like within the Cookies panel.
Here's an example:
Sebastian
Peter Row
Jul 6, 2016, 6:52:36 AM7/6/16
to Firebug
Ah ha! Thanks for the reply. Now if only they would fix this misleading UX.
It was especially problematic for me since I was trying to implement changes to the application following a penetration test so wasted time thinking I'd not coded something correctly when in fact it was just a display issue.
It was especially problematic for me since I was trying to implement changes to the application following a penetration test so wasted time thinking I'd not coded something correctly when in fact it was just a display issue.
Sebastian Zartner
Jul 6, 2016, 7:44:32 AM7/6/16
to Firebug
It is very unlikely that it gets fixed. Firebug 2 doesn't work anymore once multi-process Firefox is enabled (which will probably be in Firefox 48) and instead the Firefox DevTools will get a Firebug theme. See the related blog post.
And the Firefox DevTools don't have this issue.
Sebastian
And the Firefox DevTools don't have this issue.
Sebastian
Reply all
Reply to author
Forward
0 new messages