150953 - cookies can have incorrect path set based on query

Status: RESOLVED DUPLICATE of bug 62348

(Core :: Networking: Cookies, defect)

Description

[Peter Baylies]

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530
BuildID:    2002053012

By passing a query that looks like a path to a URL (i.e.,
cookie.php?/this/is/a/query), Mozilla incorrectly sets the path for any cookies
set by this page.

In this case, the path for the cookie should probably be NULL or /, but instead
would be 'cookie.php?/this/is/a/query'...

Reproducible: Always
Steps to Reproduce:
1. Write a program that sets cookies--I include an example in PHP from
www.php.net (under "Additional Information")
2.  Go to the URL and verify that cookies work.
3.  Pass a query with slashes to the URL, like 'cookie.php?/query/with/slashes'.
4.  Look at your cookies by going to Edit->Preferences, Privacy and
Security->Cookies, and clicking on Manage Cookies

Actual Results:  There should be several cookies set for this URL, with
different paths, but for the same page.  This is a bug where Mozilla can't tell
a query from a path.


Expected Results:  There should only be one cookie, with one path, set for this
page.

<?php
        $status = 0;
        if (isset($myTstCky) && ($myTstCky == "ChocChip"))
$status = 1;
        if (!isset($CCHK)) {
                setcookie("myTstCky", "ChocChip");
                header("Location: $PHP_SELF?CCHK=1");
                exit;
        }
?>
<html>
<head><title>Cookie Check</title></head>
<body bgcolor="#FFFFFF" text="#000000">
Cookie Check Status:
<?php
        printf ('<font color="#%s">%s</font>;',
                $status ? "00FF00" : "FF0000",
                $status ? "PASSED!" : "FAILED!");
?>
</body>
</html>

Comment 1

[Stephen P. Morse]

*** This bug has been marked as a duplicate of 62348 ***