User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021126 Build Identifier: "Mozilla/5.0" When you have 2 servers : http://host:port1/ and http://host:port2/, the sames cookies are sent to the server. Reproducible: Always Steps to Reproduce: 1. look at http://quinton.free.fr/mozilla/session1.php.txt 2. configure variable $host, and port number below, 3. install 2 http server on 2 different ports, that point to this script 4. copy session1.php.txt to session1.php 5. copy session1.php.txt to session2.php 6. verify that session variable (test_login) is transmited 7. look a session ID and verify if ID is the same for the 2 server (should not).
free of bug in 1.0, 1.1 bug started in 1.2, still in 1.3a
you can now make some tests online : http://villeneuve-tolosane.net:8889/session1.php clic on the 2 server and verify that cookies are the same or different. may be I change apache httpd.conf (ServerName)
This might be WONTFIX, based on Bug 142803, although I personally disagree w/ the interpretation, I've been on cookie qa for about 10 minutes. I'll research this some more.
This is invalid. See bug 142803, which references the relevant specifications (and the fact that we and IE both follow those specifications at this point is nice too).
*** Bug 197925 has been marked as a duplicate of this bug. ***
*** Bug 316733 has been marked as a duplicate of this bug. ***
*** Bug 295396 has been marked as a duplicate of this bug. ***
*** Bug 329028 has been marked as a duplicate of this bug. ***