InformAction Forums

Hi,
I am using ubuntu LTS 16.04 64bit desktop os. When I add the noscript plugin a session id cookie appears named with my ip address. This disappears when I remove noscript.
Does anyone know if this is normal, or has anyone else experienced this?
Thanks in advance
Mike030

NoScript _connecting_ to your WAN IP address is normal.
A "session ID cookie" doesn't sound so normal.

This will depend on what's on the end of your specific IP and what you're running, so not sure how much we can help. It'll depend on what details you can provide and our access to similar.

Moving to NoScript Development in case the leaving cookies is a bug.

Hi barbaz,
Thanks for your quick response.
I use WAN on a laptop and there is no cookie on that one.
My main computer is LAN where there is a cookie.
Obviously if I type the ip from the cookie it takes me to my router login. This is my web facing ip not the 192.168... one.
What sort of information/ details do you need?
Thanks in advance.
Mike030

mike030 wrote:I use WAN on a laptop and there is no cookie on that one.

So to clarify, if you put your laptop behind the router, do you see the cookie there as well?

mike030 wrote:What sort of information/ details do you need?

Well, information about your router. Stuff that might help us figure out why it's setting cookies. For example -

What kind of router is it?
What firmware/software do you have for it?
Any custom configuration on its WAN side?

Do you have some sort of port-forwarding that would applies to NoScript's connection?

Hi Barbaz,
Sorry for the delay in responding.
The router is dsl-3780
Supplied by talktalk.
They handle the firmware updates-I think it was 1.03
No custom configurations
I have re-installed noscript and set firefox not to accept cookies at all. This has removed that cookie problem, but not too good if I want to login somewhere.

When you say put the laptop behind the router, do you mean connect it using the ethernet as opposed to wirelessly?
Cheers
Mike

Hi Barbaz,
I just checked and I had disabled noscript on the laptop.
Yes it leaves a cookie there as well
Cheers
Mike

If the cookie is dropped with NoScript disabled, then it isn't NoScript-related.

Thrawn wrote:If the cookie is dropped with NoScript disabled,

I think he means the cookie not show up with NoScript disabled on the laptop.

mike030 wrote:When you say put the laptop behind the router, do you mean connect it using the ethernet as opposed to wirelessly?

Nope. I took "use WAN on a laptop" to mean the laptop was connected DIRECTLY to the Internet. As in, no router. Thus assumed only your main computer was connected through this router.

Thanks for the additional information, now I guess we wait for Giorgio.

Hi Guys,
Thanks for the responses. I doubt that noscript is itself directly causing this, but possibly something running through it(if that's possible).
I have used noscript for awhile and have never seen this before.
Judging by what you are saying, this cookie is not a normal thing.
Cheers
Mike

Since NoScript tries to connect to your router to check its potential vulnerablity to cross-zone CSRF attacks, it's entirely up to the web interface running on the device to decide if it needs to create a session cookie or not (for instance, a session cookie is the most usual way for a web application to tell whether you're logged in), and there's no way for NoScript to prevent it from being created, if the router wants to do it. Either way, NoScript doesn't do anything with the cookie, which belongs to the router's web interface.

Hi Giorgio,
Thankyou for your reply and explanation. My apologies for the late reply.
I know my ISP added some form of security to the router, so this might be the result of that. I will try another router to test this, at some point, but after reading your explanation this is probably caused through the added security.
I think we can mark this as closed and I would like to thank you both for your support and help in this matter.
Thank you very much
Mike

Hi guys,
Just to let you know: I changed the router and voila! No more session id cookie. I am glad this was the problem as I love noscript and wouldn't want to surf the web without it.
Thanks again guys for your help and support
Mike