Closed Bug 147638 Opened 23 years ago Closed 23 years ago

Session cookies getting an extra "."

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: bear_phillips, Assigned: morse)

References

(
URL
)

Details

When I try to set a session cookie for say members.aafp.org , mozilla rc3 adds and extra "." at the beginning of the domain, set the cookie is set for ".members.aafp.org" . Mozilla .98 (and probably .99) do not have this problem. I set up a test script at: http://members.aafp.org/cgi-bin/moztest.pl Not all session cookies seem to get the extra ., so I am not sure why it happens in this case.
Here is a better worded comment. The domain for the session cookie shows up as ".members.aafp.org" instead of "members.aafp.org".
A domain attribute for a cookie must always start with a leading dot. See RFC2109. There are some websites that were setting cookies with a "domain=" attribute and specifying an invalid domain -- i.e., one that did not start with a dot. Those sites were not working properly, and the cause was the site and not mozilla. To be kinder to those sites, mozilla will append the missing dot, thereby overlooking the syntax error made by the site. That is the dot that you are seeing. (This was a recent change made to mozilla.) This has nothing to do with session cookies -- it is true for permanent cookies as well.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
verified invalid
Status: RESOLVED → VERIFIED
See also bug 147987 which was marked invalid for the same reason.
You need to log in before you can comment on or make changes to this bug.