Authentication issue with 21.02.3

21.02.2 was fine, but after upgrading with
openwrt-21.02.3-ipq806x-generic-linksys_ea8500-squashfs-sysupgrade.bin
using the correct password with cache disabled in Firefox I get a 403 and the login page.

When I use an invalid password the same happens but additionally "Invalid username and/or password! Please try again." is shown.

No issue using Chromium which had not visited the router before upgrade.

Removing the cookie in Firefox solved the issue.

I have more than one openwrt instance serving cookies to the URL depending on the AP in use...

I have HARs if anyone wants to fix that issue but somehow can't reproduce it.

???

There are many threads about making sure you clear your browser's cache. This isn't an OpenWrt-specific issue. It can occur on any website/page after it's been updated

1 Like

This has been happening for me for a long time already, far before 21.02.3. This is 100% not related to 21.02.3 itself, it's just Firefox being a piece of.....

This is an OpenWrt specific issue; it is failing to remove invalid cookies like so;

Set-Cookie: token=deleted; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT

Firefox is just doing what it is told to by OpenWrt.

1 Like

HAR...I'm confused as to why you saved the page...?

I'm guessing that you hope it contains evidence of the "issue"?

I can change any website and may have to clear the cookie; I've done it many times before. I'm not sure why you insist that it's OpenWrt-specific - it won't magically make it so. Maybe it can be set to have no cookies...or something (but again, that's not OpenWrt specific)?

That is not how web browsers work...

(a website doesn't command the remote client to delete a file)

(hence...)

...you mean your browser is failing to remove invalid cookies, correct? :wink:

@elatllat If you'd open a private window with Firefox, you'd notice that it would log you in. It's not 21.02 specific, happens with 22.03 as well e.g.

It's on and off here, some OpenWrt devices behave, some don't and need a private browsing session or another browser to be happy.

1 Like

In fact, I only open router pages in that or the Chrome/Chromium Incognito tabs now (for various reasons including security). I actually thought of this earlier - good idea! :+1:

Then [hopefully] the OP will see that it's not specific to OpenWrt - but in any case that will solve the problem.

We set our browsers to clear cache and cookies when they're closed.

Never had the issue.

1 Like