Cookies with empty path ("Path=") are handled differently than before

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
15 years ago
3 years ago

People

(Reporter: andre.bugs2, Unassigned)

Tracking

({regression})

Trunk
x86
Linux
regression
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

15 years ago
I have talked to dwitte on IRC about this, and he asked me to assign it to him.
When clicking on the link "här" on the site http://www.veckrevyn.com/ you are
sent a cookie containing "Path=". With current builds, this causes you to be
thrown back to the same page again, while in prevoius builds you were allowed in
on the site. Dwitte produced a patch that added a check for empty Path, and made
us default to root ("/") if such a Path was found in the cookie. That change
allowed me to enter the site.

The above site is quite unimportant, but it is possible that other more
important sites were broken by the increased strictness how an empty Path is
handled.
(Reporter)

Comment 1

15 years ago
I got the URL wrong in the above post - it should be http://www.veckorevyn.com/

Comment 2

15 years ago
So you are saying we used to treate:

Path= -> Path=/

and now we treate it as the current base path?

If you can, please change the summary to describe the behavior you think is
incorrect.

Comment 3

15 years ago
I found this bug too at http://tiscali.cz/home/ (Tiscali 10.0 login).
I parsed the login way and found the reason ... exactly as written i comment #2.

older mozilla (and also IE) Path= -> Path=/
mozilla 1.4 (Win2000) Path= -> current base path

Opera 6.06 works the same way as mozilla 1.4.

Comment 4

8 years ago
Reassigning to nobody. If anyone wants to work on this, feel free!
Assignee: dwitte → nobody
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.