flat assembler
Message board for the users of flat assembler.

Index > Feedback > Firefox FASM Board Issues

Goto page Previous  1, 2, 3  Next
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
revolution wrote:
Okay, let's track this. As of [~24 hours ago]:

_t cookie = 1593 bytes.
_data cookie = 126 bytes.
_sid cookie = 32 bytes.
And now:

_t cookie = 1736bytes.
_data cookie = 126 bytes.
_sid cookie = 32 bytes.

So far it looks as though only the _t cookie grows. 143 bytes in the last 24 hours.
Post 10 May 2009, 16:33
View user's profile Send private message Visit poster's website Reply with quote
pal



Joined: 26 Aug 2008
Posts: 227
pal
Yeah. The _sid and _data cookies are for encrypted log in information and "remember me" type things.

Not sure what the exact purpose of _t is but mine is now: 644 (143 bytes bigger also). Correlation? In 20 minutes it will have been 24 since the 501 I posted before?
Post 10 May 2009, 17:38
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
Another 24 hours and another 113 bytes.

_t cookie: 1849 bytes.

And after reading all the messages:

_t cookie: 1936 bytes. +87 bytes just to mark 8 messages as read.
Post 11 May 2009, 19:40
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
Now "_t"=1993 bytes (the other cookies don't change)

I have confirmed that there is no proxy in my connection so I will be able to test this all the way to the server without any disturbance.

I had some connection problems today - the occasional blank response page from the forum - but they seem to have cleared now. Normally this is where I would kill all the cookies and start over, but for the sake of testing I will persevere for a while longer.
Post 12 May 2009, 16:38
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

I have confirmed that there is no proxy in my connection so I will be able to test this all the way to the server without any disturbance.

How do you confirmed that?
Post 12 May 2009, 16:57
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
I started using the https connection to powweb.
Post 13 May 2009, 02:03
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
hehe, good plan!
Post 13 May 2009, 02:17
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
My test had to stop about 12 hours ago when Firefox decided not to run anymore. I am not sure if it was a cookie problem or not that caused it. FF just closed without any error notification and all my cookies were gone when I started it up again. So I guess the monitoring starts again. If FF crashes again after 1993 byte cookies then perhaps there is an issue with it? Not sure, time will tell but the cookie spec allows for up to 4k.
Post 13 May 2009, 17:07
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

Not sure, time will tell but the cookie spec allows for up to 4k.


RFC 2109 - HTTP State Management Mechanism wrote:
6.3 Implementation Limits


Practical user agent implementations have limits on the number and
size of cookies that they can store. In general, user agents' cookie
support should have no fixed limits. They should strive to store as
many frequently-used cookies as possible. Furthermore, general-use
user agents should provide each of the following minimum capabilities
individually, although not necessarily simultaneously:

* at least 300 cookies

* at least 4096 bytes per cookie (as measured by the size of the
characters that comprise the cookie non-terminal in the syntax
description of the Set-Cookie header)

* at least 20 cookies per unique host or domain name

User agents created for specific purposes or for limited-capacity
devices should provide at least 20 cookies of 4096 bytes, to ensure
that the user can interact with a session-based origin server.

The information in a Set-Cookie response header must be retained in
its entirety. If for some reason there is inadequate space to store
the cookie, it must be discarded, not truncated.

Applications should use as few and as small cookies as possible, and
they should cope gracefully with the loss of a cookie.
Post 13 May 2009, 17:32
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
OK, I have installed the following php on my Apache:
Code:
<?php 
  if (!isset($_COOKIE['testCookie']))
  {
    $cookie = 'A';
    $browserCookieSize = "Cookie not present";
  }
  else
  {
    $cookie = $_COOKIE['testCookie'];
    $browserCookieSize = strlen($cookie);
  }
  
  if (isset($_GET['increase'])){
// No, I'm not validating the data type of 'increase', this is just a test you know, not a production software...  

    for ($i = 0; $i < $_GET['increase']; $i++)
      $cookie = $cookie . 'A';
  }

  setcookie('testCookie', $cookie, time()+60*60);
    
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>Cookie Maximum Length Test</title>
    <script type="text/javascript">
    function load(){
       var div = document.getElementById("lengthDiv");
           var start = -1, end = -1;
           
      if ((start = document.cookie.indexOf("testCookie=")) != -1){
               
            if ((end = document.cookie.indexOf(";", start)) == -1)
              end = document.cookie.length;

                   div.innerHTML = end - start - "testCookie=".length + " (not including 'testCookie=')";
        }
      else
              div.innerHTML = "Cookie not found!";
      }

    </script>
</head>
<body onload="load()">
        <div id="lengthDiv"></div>
    <br />
        <div>Cookie size recieved by server: <?php echo $browserCookieSize ?></div>
   <div>Cookie size sent by server (may be wrong): <?php echo strlen($cookie); ?></div>
</body>
</html>    


Results were:
IE 7 wrote:
Cookie not found!


Cookie size recieved by server: 5068
Cookie size sent by server (may be wrong): 5069
(Note that document.cookie works on IE but it starts to fail when the cookie is "too big")
Firefox 3.0.10 wrote:
4086 (not including 'testCookie=')

Cookie size recieved by server: 4086
Cookie size sent by server (may be wrong): 4087
Opera 9.64 wrote:
4046 (not including 'testCookie=')

Cookie size recieved by server: 4046
Cookie size sent by server (may be wrong): 4047


Note that although the server side measure of the cookie size sent may be wrong, I have confirmed by sniffing that at least +8K bytes can be sent.

Looks like all the browsers when receive a cookie bigger than their maximum supported size they just ignore it and use the previous value of it instead (so using a increase of 6000 the first time will make all browser not set the cookie).

There are some more experiments to do but I have no more time for this now.

PS: All the results correspond to /cookie-test.php?increase=1 after being repeated several times with no perceivable increment.
Post 13 May 2009, 20:04
View user's profile Send private message Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2140
Location: Estonia
Madis731
Post 14 May 2009, 06:17
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
My _t cookie is now 2376 bytes. No noticeable access problems right now, working fine with https.
Post 15 May 2009, 13:02
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
Okay, I have brought my _t cookie to 3667 bytes. Let's see how it goes from here. Only ~400 bytes till the FF max is achieved.
Post 15 May 2009, 14:11
View user's profile Send private message Visit poster's website Reply with quote
Mac2004



Joined: 15 Dec 2003
Posts: 313
Mac2004
pal wrote:
I have just updated to 3.0.10 now (since you said it was out - my FF doesn't download automatically). At the time I was using 3.0.8.


I check FF updates manually due to the same fact. FF automatic update doesn't work all the time. Annoyance caused by this is not very big though.
Post 16 May 2009, 05:18
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
_t = 3897.

What will happen at ~4096?
Post 16 May 2009, 17:37
View user's profile Send private message Visit poster's website Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
stop before you'll create a black hole!
Post 16 May 2009, 19:53
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
Borsuc wrote:
stop before you'll create a black hole!
The black hole is almost here:

4011 bytes.
Post 17 May 2009, 11:03
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
My _t cookie is now stuck at 4068 bytes. Nothing is updating, all the unread threads remain unread.

[edit]
It is not all the threads remain unread, it is new threads that remain unread. Threads that I have previously viewed can update the unread flag for new messages.
Post 17 May 2009, 14:58
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
With both, HTTP and HTTPS?
Post 17 May 2009, 16:57
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17669
Location: In your JS exploiting you and your system
revolution
My results are with HTTPS.

If I try HTTP then I get a blank page and cannot use the board at all with my giant cookie.
Post 18 May 2009, 01:03
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.