Ability to set cookies seems not to be tested for correctly

  • Using the latest-and-greatest Firefox browser and 2.1.2, I find that in order to use the web interface I have to completely open my system to any random cookie instead of specifically allowing cookies from the firewall's ip.

    If I have cookies locked out from sites not on the approved list, I cannot log in to the web interface.  I get no information at that point about what might be going on; the accountname and password are simply erased.  Since I've seen this problem before in certain other cases, I was pretty sure that disabling the cookie list would immediately allow me to access the interface.  And it did.  And that's when I get the (incorrect) message that my session was idle too long or I need to allow cookies.

    This is apparently a problem with how the interface is trying to determine whether it can set a cookie, since most sites get it right but a minority of sites don't.

    It seems like a bad idea for us to have to turn off cookie gatekeeping in order to use the web interface.  It's certainly annoying!

  • Rebel Alliance Developer Netgate

    The last time I saw something like that, it was a broken configuration on the GUI. It was configured for HTTPS but had no certificate to use. Go to System > Advanced. Set the GUI to use HTTP, save, and then see if you can reach the GUI without messing with cookies. If that worked, then try changing it back to HTTPS. You may have to manually create your own CA/Cert for use by the GUI.

  • That's not it – it was and is set to http.

  • I've up'd to 2.1.3 and the problem still persists.

Log in to reply