Closed Bug 217179 Opened 22 years ago Closed 22 years ago

Cookies with and without explicit "domain" stored differently, fight for contention

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: cjayc, Assigned: darin.moz)

References

(
URL
)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461; .NET CLR 1.0.3705) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 A cookie with the Set-Cookie header option "domain" for domain "a.b.c" is stored with ".a.b.c" as the domain. A cookie without the "domain" setting for host "a.b.c" is stored with "a.b.c" as the host. When the a.b.c site is visited, the cookie sent is not consistent; sometimes, it is the last cookie set, sometimes, it is the first cookie set. There does not appear to be any specific logic dealing with this situation. When a web site begins or ends sending the "domain" header with its cookies, old cookies can get "stuck" in the browser with no alternative for the user but to manually delete them. Reproducible: Always Steps to Reproduce: Example cookie-setting page can be seen at http://www.cjayc.com/cookiebug.asp 1. Send a cookie with "domain" header matching the site address 2. Send an identically keyed cookie without the "domain" header Actual Results: The cookie that is actually sent to the server by the browser is random. I have seen it send the first cookie, and the last cookie. Upon reflection, the browser was always sending the last cookie set until I expired one of the cookies; at that point, the cookie sent became unpredictable. Expected Results: Two "identical" cookies for the same site can be stored, and there is no pattern for which one will be sent. Internet Explorer makes no disctinction between cookies sent with or without domain for the same site; even if this isn't the proper way to handle it, consistent behavior is always preferred over random.
Note that IE seems to treat a host cookie (one without an explicit domain) and a domain cookie (one with an explicit domain) as nearly -- nearly -- identical, while Mozilla treats them as two unique cookies. (The only distinction I can find in IE is that a host cookie seems to be read-only from a subdomain.) See bug 222343 comment 7 for excruciating details.
eh? what's going on here? host cookies and domain cookies are treated differently by mozilla, yes; but that's an implementation detail. you don't need to care about that. both your cookies should be sent back to the server. if they're not, that's a bug. do you still see this problem?
resolving INVALID due to lack of clarification and response from the reporter. If this is still a problem in currently versions, please provide a real-world example of where this is causing a problem.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.