If I specify columns to display in the bug query result, the list of columns to be displayed is stored in COLUMNLIST cookie. The columns are separated by whitespace, which breaks standards, and also breaks sending of other cookies to the same domain (the COLUMNLIST cookie is sent, though). This cookie breaks cookie handling for NS 4.x, current Mozilla (0.9.7), and IE6 as well. For instance, on our Intranet, we have http://quake.intranet/bugzilla for bugs, and http://quake.intranet/manage for site management. Once the cookie COLUMNLIST is set up, cookies to http://quake.intranet/manage do not get send. If I delete that cookie, problem fixed. Please either fix content of that cookie, or Mozilla :-) (and NS4, IE6 as well:-)

The COLUMNLIST cookie works without problems for me on ie6 on windows, ns4 on windows, and mozilla on windows and linux, so spaces aren't the issue. If you've referring to multiple bugzilla instalations' cookies interfering with each other, that was bug 19910, which was fixed after 2.14. I don't think you are, though. Can you be a bit more specific about the problem? What version of bugzilla are you running?

We are using Bugzilla 2.14.1. The problem occurs on any browser, including IE6, NS4 and Moz 0.9.8. We tracked this down via Apache logs and also empirically - once this COLUMNLIST cookie is set, no other cookies get send to the domain. We only have one Bugzilla installation, but multiple sites (non-bugzillas) are running on that URL (handled via Apache rewrite rules). But Apache never receives the other cookies (although they are actually set once requested on browser, it is just (any) browser that does not send them.) And last but not least, the content of the cookie really breaks standards (no whitespace is allowed in cookie content. Also, the COLUMNLIST cookie *DOES* work, it is just that no other oookie does.

In any case, if this is changed, at least the following places need to be touched: buglist.cgi: @displaycolumns = split(/ /, $::COOKIE{'COLUMNLIST'}); the creation of $list here: colchange.cgi: print "Set-Cookie: COLUMNLIST=$list ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; colchange.cgi: @collist = split(/ /, $::COOKIE{'COLUMNLIST'}); The code in buglist.cgi that uses the columnlist form parameter (if present) already splits on /[ ,]+/ , so the other two splits should probably do the same, and then the $list generated for Set-Cookie in colchange.cgi could be changed to use "," instead of " " as the separator in these two places: my $list = join(" ", @collist); $vars->{collist_string}= value_quote(join(" ", @collist)); If you're lucky, that's it. I would not object to this change.

I just had one of those :) (Using Moz trunk 2002072718 on WinME.) Cookie: LASTORDER=bugs.delta_ts%2Cbugs.creation_ts%2Cbugs.delta_ts%2Cbugs.resolution%2Cbugs.delta_ts%2Cbugs.component%2C%20bugs.creation_ts%2C%20bugs.priority%2C%20bugs.bug_severity; COLUMNLIST=opendate changeddate severity status resolution votes target_milestone status_whiteboard summary; Bugzilla_login=tmptgr@hotmail.com; BUGLIST=65008:74080:130041:159364:84106:159786:146884:45375:61893:3701:153177:141410:70141:52140:128322:86247:40106:104319:11008:109607:47108:151896:52500:98971:75077:9101:159768:56219:159743:152192:1777:56301:159440:139025:143365:85872:159407:126072:132551:151520:3247:17457:28586:156997:157004:639:68406:68427:55181:152913:137477:128807:76828:135331:150339:5998:7806:135980:20807:131466:159813:77572:40873:140628:152213:113536:123367:136392:144480:86504:17048:79411:103562:73192:98800:105951:73087:116934:60968:61846:138680:60861:140544:80392:148782:66012:131160:148207:159771:97806:119115:137079:159082:156909:159830:77718:44242:84622:111905:159823:124029:159191:140576:159834:159835:159799:159828:145503:55309:60734:159842:58724:94176:159477:65571:159713:115634:33966:133604:107089:134107:159833:109427:47909:112534:158888:118786:159051:102812:159856:32966:33339:159857:159761:115520:132965:138000:109569:138813:99828:151837:159859:145439:114877:159861:25742:137782:127713:159434:123563:158080:22775:48037:72451:138921:136326:130644:152725:134618:159868:121251:121257:121258:156593:157438:131043:159871:159832:159849:140867:7965:159873:159838:141153:138191:140802:158829:94340:15144:156584:120863:159864:159878:159860:127575:58327:47838:142969:159795:132755:159880:98158:158752:157072:122022:110349:159853:138472:113581:77730:152315:90613:121533:123821:155002:94339:153108:159889:159888:8275:155440:159547:153240:55690:159855:58937:78220:119491:117429:91643:153935:159359:157915:156317:136999:121615:159891:54786:159897:138549:153772:134889:120705:103843:155325:102132:105885:113934:48333:121414:152120:159854:159614:159586:146200:76495:97424:146915:146867:158377:147404:159089:146813:157401:112609:68538:59132:154120:159512:64908:82849:120327:152476:159537:146340:159910:49543:132019:147927:104501:71627:159911:26262:126730:57505:146742:112117:72540:48926:15322:157199:157415:157397:24418:141215:159431:139470:158544:138945:149109:158920:138452:159928:159920:154926:131927:130764:86249:126685:133345:156464:133242:148131:148126:155402:158438:24824:115714:75047:99256:78113:108365:88588:87736:80151:86999:148105:94519:136991:83012:159934:159777:153206:146099:158365:159908:83552:159534:157128:125118:141476:159314:158729:72361:126189:142070:16203:92116:46555:156577:68454:119744:30088:159774:94734:12559:141333:85895:119710:38966:159357:154187:159894:159942:77790:127131:157592:100572:114701:122750:158129:111689:104449:106580:38981:132759:159863:83202:51683:141227:123445:141619:74986:158211:130796:159207:60289:145882:155344:57332:159839:159953:159955:134113:159328:71874:57805:159773:143556:56765:158171:159961:156979:154999:159909:158364:159963:158820:9449:159733:159964:26638:34710:48202:103944:132957:65092:118883:141935:135272:158672:81615:142642:159924:151186:159927:159917:152429:159947:159968:105340:158528:88739:127985:127872:114962:147874:154230:120383:157055:148376:133835:159977:142855:140379:125849:159900:90695:159893:159564:155243:50633:136210:149627:25537:155018:159984:81724:159276:76525:159389:127567:159742:150232:159494:124996:155459:152739:142076:154896:159036:159989:151660:158282:159188:115473:159090:68434:135309:43543:53895:153633:158115:159844:148813:120494:153828:154018:159949:55416:64451:153815:133212:72444:32218:157993:159533:78510:90337:159736:160000:126919:158919:158598:126731:159985:89396:75121:87285:159704:84305:157673:148598:159791:143047:136915:152651:57420:107153:158632:151860:159930:146285:159912:136527:159646:143830:156043:158040:159936:136906:159981:159979:107484:149785:144533:155080:96736:86194:160009:160010:78037:159899:64560:14989:160012:160011:160013:153091:29300:159932:160014:159780:152090:126826:153083:159995:144595:145267:159348:159998:136221:160016:160003:159800:12493:1598

Removing the LASTORDER cookie enables me to load Bugzilla pages again. Trunk 2002080718 on Windows ME.

Today, I also had to delete the COLUMNLIST cookie. Trunk 2002081808 on Windows ME. OS should be All i think.

I could *swear* up and down that we had a patch for this already... I could swear I helped someone write it a while back (the solution was to url-encode the cookie), but I can't for the life of me find it. Anyone have a clue?

Looking at my current cookies this appears to be fixed as of 2.17.6 (prob much earlier). I have fixed in my current install (2.16.1) with the following simple patches - just in case anyone is interested ... in buglist.cgi: 1262c1262 < @displaycolumns = split(/ /, $::COOKIE{'COLUMNLIST'}); --- > @displaycolumns = split(/ /, url_decode($::COOKIE{'COLUMNLIST'})); in colchange.cgi: 84c84 < my $list = join(" ", @collist); --- > my $list = url_quote(join(" ", @collist)); 99c99 < @collist = split(/ /, $::COOKIE{'COLUMNLIST'}); --- > @collist = split(/ /, url_decode($::COOKIE{'COLUMNLIST'})); I think this bug can be safely closed out now.

Closing per comment #8 (I no longer have the environement to test it, sorry).

According to usually trustworthy sources: <justdave> switching to use CGI.pm is what fixed it though Which is what bug 147833 was all about.