Closed Bug 147638 Opened 22 years ago Closed 22 years ago

Session cookies getting an extra "."

Categories

(Core :: Networking: Cookies, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

()

VERIFIED INVALID

People

(Reporter: bear_phillips, Assigned: morse)

References

()

Details

When I try to set a session cookie for say members.aafp.org , mozilla rc3 adds
and extra "." at the beginning of the domain, set the cookie is set for
".members.aafp.org" .  Mozilla .98 (and probably .99) do not have this problem.

I set up a test script at:
http://members.aafp.org/cgi-bin/moztest.pl

Not all session cookies seem to get the extra ., so I am not sure why it happens
in this case.
Here is a better worded comment.

The domain for the session cookie shows up as ".members.aafp.org" instead of
"members.aafp.org".
A domain attribute for a cookie must always start with a leading dot.  See 
RFC2109.

There are some websites that were setting cookies with a "domain=" attribute and 
specifying an invalid domain -- i.e., one that did not start with a dot.  Those 
sites were not working properly, and the cause was the site and not mozilla.

To be kinder to those sites, mozilla will append the missing dot, thereby 
overlooking the syntax error made by the site.  That is the dot that you are 
seeing.  (This was a recent change made to mozilla.)

This has nothing to do with session cookies -- it is true for permanent cookies 
as well.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
verified invalid
Status: RESOLVED → VERIFIED
See also bug 147987 which was marked invalid for the same reason.
You need to log in before you can comment on or make changes to this bug.