safari | arfore dot com

In June of 2010, Valdosta State University transitioned to using Microsoft’s Live@EDU service for our e-mail.  This is Microsoft’s competing product line with Google’s Apps for Education service.  There were many reasons why we chose the Microsoft service which I won’t get into here, suffice it to say, that was the decision that was made.

While I don’t use the web interface all that much, when I do use it on Safari 5 for the Mac, I have noticed an oddity.  After you log in to the system and do whatever you plan to do that session, to log out you should click the “Sign Out” link.  Seems standard enough, right?  Well, not exactly.  On Safari on the Mac I have noticed that I get an error when the signout process is attempted.  When testing Firefox 3.6.11, I found I wasn’t receiving the error screen and the signout process completed successfully.

After delving more into this it turns out that the problem is third-party cookies.  The default settings in Safari are very restrictive.  They are also all or none.  There is no exception list to the privacy settings for browser cookies in Safari, unlike Firefox. Also, it turns out that if you change the settings in Firefox to match the restrictive settings in Safari you get the same error screen.

In order to find out what site was causing the problem I cleared all the cookies for Safari, then enabled the setting to always allow cookies.  After comparing the list of cookies that were set, I found one listed for the domain passport.com that did not show up in the cookie list when Safari is set to accept cookies only from sites that I visited.

Further investigation using the Live HTTP Headers add-on in Firefox revealed the following for that domain:

http://loginnet.passport.com/ThirdPartyCookieCheck.srf?ct=1287943985
 
GET /ThirdPartyCookieCheck.srf?ct=1287943985 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
 
HTTP/1.1 302 Found
Connection: close
Date: Sun, 24 Oct 2010 18:13:05 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F57 V: 0
Content-Type: text/html; charset=utf-8
Expires: Sun, 24 Oct 2010 18:12:05 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1
Content-Length: 0
Location: http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
----------------------------------------------------------
http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033
 
GET /ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033 HTTP/1.1
Host: loginnet.passport.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://login.live.com/logout.srf?lc=1033&nossl=1&lc=1033&ru=https://login.microsoftonline.com/login.srf%3Flc%3D1033%26ct%3D1287943985%26rver%3D6.1.6206.0%26id%3D260563%26wa%3Dwsignoutcleanup1.0%26nossl%3D1%26wreply%3Dhttps:%252F%252Foutlook.com%252Fowa%252F%253Frealm%253Dvaldosta.edu&id=12&wa=wsignout1.0
Cookie: MSPP3RD=2832116359
 
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 24 Oct 2010 18:13:06 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: Sun, 24 Oct 2010 18:12:06 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYIDSLGN1F50 V: 0
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
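
The two requests above form a cookie round trip: the 302 sets MSPP3RD and repeats its value in the tpc parameter of the redirect, and the follow-up request only carries the cookie if the browser stored it. The Python model below is an added example, not code from the original post or from Microsoft; the server-side comparison in check_passes and the last-two-labels site rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Values copied from the capture above; the Referer shows the top-level page.
SET_COOKIE = "MSPP3RD=2832116359; domain=.passport.com;path=/;HTTPOnly= ;version=1"
LOCATION = "http://loginnet.passport.com/ThirdPartyCookieCheck.srf?tpc=2832116359&lc=1033"
TOP_LEVEL_HOST = "login.live.com"

def parse_set_cookie(header):
    """Return (name, value, attrs) with attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def site(host):
    """Naive registrable domain (last two labels); enough for the .com hosts here."""
    return ".".join(host.lstrip(".").split(".")[-2:])

def cookie_sent_on_redirect(set_cookie, location, top_level_host, block_third_party):
    """Simplified browser model: the Cookie header sent to `location`, or None."""
    name, value, attrs = parse_set_cookie(set_cookie)
    request_host = urlsplit(location).hostname
    domain = attrs.get("domain", request_host).lstrip(".")
    if block_third_party and site(domain) != site(top_level_host):
        return None  # third-party cookie was never stored
    if request_host != domain and not request_host.endswith("." + domain):
        return None  # cookie domain does not cover the redirect target
    return f"{name}={value}"

def check_passes(location, cookie_header, cookie_name="MSPP3RD"):
    """Assumed server logic: the tpc value must come back in the cookie."""
    expected = parse_qs(urlsplit(location).query).get("tpc", [None])[0]
    if expected is None or cookie_header is None:
        return False
    sent = dict(p.strip().split("=", 1) for p in cookie_header.split(";"))
    return sent.get(cookie_name) == expected

def run_probe(block_third_party):
    """Run the round trip once and return (Cookie header, check result)."""
    header = cookie_sent_on_redirect(SET_COOKIE, LOCATION, TOP_LEVEL_HOST, block_third_party)
    return header, check_passes(LOCATION, header)

if __name__ == "__main__":
    print("third-party cookies allowed:", run_probe(False))
    print("third-party cookies blocked:", run_probe(True))
```

With third-party cookies allowed the model reproduces the Cookie: MSPP3RD=2832116359 header seen in the second request; with them blocked no cookie is sent and the check fails.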

Continuing the investigation, I decided to force Firefox to ask me about each cookie that was going to be set.  This makes a dialog show up for each cookie attempt giving me the option to deny it, allow it only for the current session, or always allow.  After walking through the torturous process of a complete login/logout session, it turns out that two cookies are being set for the domain passport.com with each of them set to expire at the end of the session.  More detail on the cookie can be seen in the screen shot of the cookie detail (provided by the plugin Add N Edit Cookies) shown below:

So, the next step was to fire up my VM and see how all this worked on the Windows side of things.  I figured that since we had not been deluged with user requests concerning this that the browsers on the Windows side of the equation were handling it all differently. Firefox on Windows is configured out of the box just like Firefox on Mac OS X.  So, as I expected the operation was the same as well. If you allow for third-party cookies, then it works fine, if you don’t then you get the error screen.

The interesting development is the settings for Internet Explorer.  Bear in mind that I am using Windows 7 and Internet Explorer 8, but the settings should be fairly similar on Windows XP and between versions 7 and 8.  The default setting in IE8 is to allow third-party cookies, but (and this is the key) only if they have a compact privacy policy (P3P).  This is the setting that makes the big difference.

It turns out that neither Firefox nor Safari supports P3P headers by default.  In fact there doesn’t appear to be any support for them in Safari at all.  Configuring Firefox to support them requires some advanced editing of the main configuration file.

I haven’t found any adverse effects to the workings of Outlook Live when using Safari, but it is rather annoying that this occurs.


While working on a method to allow the VSU Communications Unit to add or change the stories in the rotation on the main VSU webpage, I ran into a problem that involved a known Safari issue involving file uploads.

I don’t regularly create forms that allow for an upload of a file, however I don’t like to store binary data in the MySQL database either. Allowing the files to be uploaded makes creating pages that use them a whole lot easier, since I don’t have to “create” the image from the binary data, just pass off a file location and let the browser do the rest.

The symptoms exhibited were that when submitting the form, Safari would hang about 30-40% of the time. No error messages or timeout messages were displayed. Zip, zilch, nada!

While re-loading the OS and apps on my iMac at work, I ran into major issues whilst updating MS Office 2008.  When running the first update, Office 2008 SP1 (12.1.0) I had no problems, however none of the other updates would run.  I kept getting the error “You cannot install Office 2008 Updates on this volume. A version of the software required to install this update was not found on this volume.”

At first I thought that this might be due to some permissions shenanigans revolving around my AD/OD setup, since the logged in user was not a local admin, but had been granted administrator privileges through a nested group trick.

After more searching I ran across a post on the MacRumors.com forums pointing out problems when running updates on an Office 2008 install that had been altered by using Monolingual or XSlimmer.

Both of these programs were developed to slim down the sizes of binary applications on OS X.  Monolingual strips the “additional languages” from OS X programs and operating system files, while XSlimmer is designed to remove both the extra language information and the unused binary code in a fat binary.  I have never used either of these programs, since I was not concerned about the amount of disk space they utilize.

After more searching, I ran across a post in the Entourage Help Pages discussing troubleshooting Office 2008 installations.  While this page also mentioned issues with installations being altered by Monolingual and XSlimmer, it also pointed out an issue with a workaround created to handle a bug in how Safari deals with the docx file extension.  While the automator workflow mentioned does not appear to actually affect anything other than the names of files, it did jog my memory about something else Safari related that occurred when installing Adobe CS 4 earlier the same day.

While installing CS 4 and the available updates, I was prompted to not only quit Safari, but also to quit XMarks for Safari.  For those that don’t know, XMarks is a great service for synchronizing your browser bookmarks between multiple machines, platforms, and browsers.

On a hunch I quit XMarks for Safari, as well as the browser itself.  No dice, I still got the error.  Knowing how easy it would be to reinstall the helper application, I uninstalled XMarks.  Eureka!  The Office updaters now ran without a hitch.  So, if you are having this problem, try deactivating or removing any plugins that affect the default nature of Safari.

Lately I have noticed that when browsing the web my external hard drive would spin up when there seemed no need.  I had just given in to the mysterious and not concerned myself with this until yesterday.

After a few searches, I turned up a post on Apple’s discussion boards entitled Safari pauses & spins up ext HDs with ATS Autoactivation errors.  While I have not found the errors in my logs referred to by the OP, I have noticed the exact same symptoms.

Using the symptoms and discoveries by W. Raideer and strangebirds as a guideline, I found a solution to the issue.  While this may in fact be a bug, it turns out that if you disable Spotlight on the external drive this activity ceases, at least in my case.

To quote the Help documentation for Font Book on the Automatic Activation feature:

Note that if you turn off Spotlight searching for any folder or disk connected to your computer, Font Book can’t find and enable fonts in those locations.

After listing my external drive in the Spotlight preference pane section labeled Privacy, I have ceased to have this particular issue.  While this may not be advisable or desirable, depending on the content of the external drive, I have noticed no detrimental effect by disabling Spotlight on the drive.