Closed Bug 168095 Opened 22 years ago Closed 22 years ago

expired cookies not deleted correctly

Categories

(Core :: Networking: Cookies, defect)

x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: nkiesel, Assigned: dwitte)

Details

Attachments

(8 files)

Hi, I have trouble with Mozilla (both 1.0 and Build 2002083000) with cookies. Problem is that I have an server which sends in one http request the same cookie 3 times: Set-Cookie: prompt1=Demo;PATH=/ Set-Cookie: prompt1=Demo;PATH=/ Set-Cookie: prompt1=;PATH=/;EXPIRES=Wed, 31 Dec 1969 17:00:00 GMT Mozilla send sends the following cookie during the next HTTP GET: Cookie: prompt1=; I think it should not send the cookie at all. I'll attach the the two captured TCP streams from ethereal. As the server is currently not accessible from the internet, providing an URL for online tests will take some tie, but I'm willing to ran any tests in the meantime. so long Norbert
i am seeing related behaviour on Windows 2000 with Mozilla 1.2.1. cookies that are specified as non-persistent ( i.e. cookies with a MaxAge of -1 ) are stored persistently by Mozilla, but not by IE or Netscape Navigator 4.8. i believe that these cookies should be deleted by Mozilla as well. this will cause problems on sites which rely on cookies for storing temporary session data, if they expect no cookie to be present when a browser first hits a site to establish a session.
marking CONFIRMED looks like the cookies backend needs to do a better job of accepting "unexpected" time stamps.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached patch patch by dwitteSplinter Review
Comment on attachment 111726 [details] [diff] [review] patch by dwitte suresh, could you verify this patch works? hmm, this one can probably slip by with rs= :)
Attachment #111726 - Flags: superreview?(darin)
Attachment #111726 - Flags: review?(suresh)
Reassigning to me. I'll see if I can get some "quick hacks" into 1.3b, from that list of bugs you guys gave me at the meeting. I can take maybe half of the bugs on the "in" list. Nothing fancy like rewrites, just enough to make 1.3b not suck :)
Assignee: morse → dwitte
Status: NEW → ASSIGNED
Attached file js testcase
The last line should return a blank cookie (-> deleted) if we pass the test.
Although RFC2109 specifies Max-age to be nonnegative, we should err on the side of robustness. Currently we don't check for negative values at all (it'll fall through and become a session cookie).
Although RFC2109 specifies Max-age to be nonnegative, we should err on the side of robustness. Currently we don't check for negative values at all (it'll fall through and become a session cookie).
Although RFC2109 specifies Max-age to be nonnegative, we should err on the side of robustness. Currently we don't check for negative values at all (it'll fall through and become a session cookie).
Attached patch Updated patchSplinter Review
sigh, sorry about the spam. bugzilla's being real slow... This patch changes the comparison to use LL_ macros, for compatibility. Also adds the fix for negative max-age.
Attachment #111820 - Flags: superreview?(darin)
Attachment #111820 - Flags: review?(suresh)
Attachment #111726 - Flags: superreview?(darin)
Attachment #111726 - Flags: review?(suresh)
Comment on attachment 111820 [details] [diff] [review] Updated patch I tested the above patch and testcase. Looks good to me. r-suresh
Attachment #111820 - Flags: review?(suresh) → review+
Attachment #111820 - Flags: superreview?(darin) → superreview?(peterv)
Attachment #111820 - Flags: superreview?(peterv) → superreview+
checked in
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: