See here.
It is a bug in Opera 12.15 and newer.
Latest posts made by svdb0
- Opera for Windows
-
Opera for WindowsRE: not able to log in to ING Bank in the Netherlands
This has nothing to do with user agent snooping.
It seems to be a bug in Opera in the cookie domain handling.After entering the correct login credentials, there are a couple of redirects, one of which is a request for the URL
https://bankieren.mijn.ing.nl/ssm/sso/login?Target=https://bankieren.mijn.ing.nl/particulier/betalen/index
In the response, the server sets (among others) the following cookies:Set-Cookie: agreementid=[snipped]; Domain=.ing.nl; Path=/; Secure Set-Cookie: atp=[snipped]; Domain=.ing.nl; Path=/; SecureThis response also includes a redirect:
HTTP/1.1 302 Moved Temporarily location: https://bankieren.mijn.ing.nl/ssm/sso/continue?Target=https%3A%2F%2Fbankieren.mijn.ing.nl%2Fparticulier%2Fbetalen%2FindexIn the next request, the URL
https://bankieren.mijn.ing.nl/ssm/sso/continue?Target=https%3A%2F%2Fbankieren.mijn.ing.nl%2Fparticulier%2Fbetalen%2Findex
is requested. However, the two aforementioned cookies are missing here.Looking through RFC 6265, I see no reason why these cookies should be omitted.
And when using Firefox, these cookies are present as expected, and the site is usable.If I intercept the request and change the value in the response to 'bankieren.mijn.ing.nl', I can make use of the site in Opera as I used to be able to.
(As all requests are to bankieren.mijn.ing.nl, the Domain parameter is not even necessary.)If I had to make a guess, I'd say that the three periods in the domain name is what's confusing Opera.
I have not reported the bug via the Opera bug tracker, as the tens of bug reports I've made in the past never seemed to have any effect. But don't let that stop you from trying to report it yourself; maybe it's just me.