[RESOLVED] session ID cookie added on activation of noscript

Bug reports and enhancement requests
Post Reply
mike030
Posts: 7
Joined: Sat Nov 05, 2016 12:40 pm

[RESOLVED] session ID cookie added on activation of noscript

Post by mike030 »

Hi,
I am using ubuntu LTS 16.04 64bit desktop os. When I add the noscript plugin a session id cookie appears named with my ip address. This disappears when I remove noscript.
Does anyone know if this is normal, or has anyone else experienced this?
Thanks in advance
Mike030
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: session ID cookie added on activation of noscript

Post by barbaz »

NoScript _connecting_ to your WAN IP address is normal.
A "session ID cookie" doesn't sound so normal.

This will depend on what's on the end of your specific IP and what you're running, so not sure how much we can help. It'll depend on what details you can provide and our access to similar.

Moving to NoScript Development in case the leaving cookies is a bug.
*Always* check the changelogs BEFORE updating that important software!
-
mike030
Posts: 7
Joined: Sat Nov 05, 2016 12:40 pm

Re: session ID cookie added on activation of noscript

Post by mike030 »

Hi barbaz,
Thanks for your quick response.
I use WAN on a laptop and there is no cookie on that one.
My main computer is LAN where there is a cookie.
Obviously if I type the ip from the cookie it takes me to my router login. This is my web facing ip not the 192.168... one.
What sort of information/ details do you need?
Thanks in advance.
Mike030
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: session ID cookie added on activation of noscript

Post by barbaz »

mike030 wrote:I use WAN on a laptop and there is no cookie on that one.
So to clarify, if you put your laptop behind the router, do you see the cookie there as well?
mike030 wrote:What sort of information/ details do you need?
Well, information about your router. Stuff that might help us figure out why it's setting cookies. For example -

What kind of router is it?
What firmware/software do you have for it?
Any custom configuration on its WAN side?

Do you have some sort of port-forwarding that would applies to NoScript's connection?
*Always* check the changelogs BEFORE updating that important software!
-
mike030
Posts: 7
Joined: Sat Nov 05, 2016 12:40 pm

Re: session ID cookie added on activation of noscript

Post by mike030 »

Hi Barbaz,
Sorry for the delay in responding.
The router is dsl-3780
Supplied by talktalk.
They handle the firmware updates-I think it was 1.03
No custom configurations
I have re-installed noscript and set firefox not to accept cookies at all. This has removed that cookie problem, but not too good if I want to login somewhere.

When you say put the laptop behind the router, do you mean connect it using the ethernet as opposed to wirelessly?
Cheers
Mike
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0
mike030
Posts: 7
Joined: Sat Nov 05, 2016 12:40 pm

Re: session ID cookie added on activation of noscript

Post by mike030 »

Hi Barbaz,
I just checked and I had disabled noscript on the laptop.
Yes it leaves a cookie there as well
Cheers
Mike
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: session ID cookie added on activation of noscript

Post by Thrawn »

If the cookie is dropped with NoScript disabled, then it isn't NoScript-related.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: session ID cookie added on activation of noscript

Post by barbaz »

Thrawn wrote:If the cookie is dropped with NoScript disabled,
I think he means the cookie not show up with NoScript disabled on the laptop.
mike030 wrote:When you say put the laptop behind the router, do you mean connect it using the ethernet as opposed to wirelessly?
Nope. I took "use WAN on a laptop" to mean the laptop was connected DIRECTLY to the Internet. As in, no router. Thus assumed only your main computer was connected through this router.

Thanks for the additional information, now I guess we wait for Giorgio.
*Always* check the changelogs BEFORE updating that important software!
-
mike030
Posts: 7
Joined: Sat Nov 05, 2016 12:40 pm

Re: session ID cookie added on activation of noscript

Post by mike030 »

Hi Guys,
Thanks for the responses. I doubt that noscript is itself directly causing this, but possibly something running through it(if that's possible).
I have used noscript for awhile and have never seen this before.
Judging by what you are saying, this cookie is not a normal thing.
Cheers
Mike
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: session ID cookie added on activation of noscript

Post by Giorgio Maone »

Since NoScript tries to connect to your router to check its potential vulnerablity to cross-zone CSRF attacks, it's entirely up to the web interface running on the device to decide if it needs to create a session cookie or not (for instance, a session cookie is the most usual way for a web application to tell whether you're logged in), and there's no way for NoScript to prevent it from being created, if the router wants to do it. Either way, NoScript doesn't do anything with the cookie, which belongs to the router's web interface.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0
mike030
Posts: 7
Joined: Sat Nov 05, 2016 12:40 pm

Re: session ID cookie added on activation of noscript

Post by mike030 »

Hi Giorgio,
Thankyou for your reply and explanation. My apologies for the late reply.
I know my ISP added some form of security to the router, so this might be the result of that. I will try another router to test this, at some point, but after reading your explanation this is probably caused through the added security.
I think we can mark this as closed and I would like to thank you both for your support and help in this matter.
Thank you very much
Mike
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0
mike030
Posts: 7
Joined: Sat Nov 05, 2016 12:40 pm

Re: [RESOLVED] session ID cookie added on activation of nosc

Post by mike030 »

Hi guys,
Just to let you know: I changed the router and voila! No more session id cookie. I am glad this was the problem as I love noscript and wouldn't want to surf the web without it.
Thanks again guys for your help and support
Mike
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0
Post Reply