Closed Bug 124043 Opened 24 years ago Closed 24 years ago

Does not set cookies originating from an IP address (no domain)

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: joff, Assigned: morse)

References

(
URL
)

Details

Attachments

(1 file)

TCP Capture (via Ethereal) of offending setcookie
4.04 KB, text/plain
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204 BuildID: 20020204 The intranet site I'm working on sets a cookie (for doing user authentication). It is accessed by IP address - there is no domain name associated with this site, and there probably won't be any time soon. Netscape 4.x and Internet explorer set the cookie correctly, and work as expected. The same authentication system is running on another site within the same network, and it does have a domain name associated with it, and this has the cookie set correctly. Reproducible: Always Steps to Reproduce: 1.Load up page (authentication.php) 2.Fill out form 3.Hit submit Actual Results: In Moz, I end up back at the login page (behaviour consistient with a user with no cookie set) phpinfo() / tcpdump shows that cookie is not being sent by Mozilla Expected Results: In NS 4.x, IE, system logs in normally, phpinfo() / tcpdump shows cookie being sent.
In Moz, Cookie does not appear in cookies.txt / Cookie browser either.. :)
There's not much we can do with this if we can't get to your server. It will certainly never get into the "confirmed" state, which means that the bug report is effectively dead. Can you post the traffic that is being sent. Specifically I'd like to see the set-cookie header to see if it specifies "domain". If so, then this bug report is invalid because domain has no meaning for IP-address sites (I fixed a bug to prevent that a while ago).
In this case, yes, the domain is being set to "155.63.250.250".. I've set this to null, and the system works now, thanks. Just interesting to note that the behaviour works with domain set to the IP address under IE and NS 4.x
It's an obvious bug to accept such a cookie and that is why the mozilla behavior was changed from the nav4 one. That fact that IE still accepts such a cookie indicates that they still have the bug. The bug is as follows. Suppose a site sets a cookie with domain=.250.250. Now should that cookie get sent back to all sites having IP addresses ending in .250.250. Obvously not. There is no concept of a domain when you are dealing with IP addresses instead of domain names. Furthermore the syntax in your set-cookie header is wrong. You have domain=155.63.250.250 A domain is defined as starting with a period. So the bug here is on the server and not in the mozilla code. Therefore marking this as invalid. The bug report for the change to not allow IP sites to set domain cookies is bug 100682.
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
*** Bug 165814 has been marked as a duplicate of this bug. ***
verified invalid
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: