271467 - HTTP port of remote site is ignored when sending cookies

Status: VERIFIED DUPLICATE of bug 227475

(Core :: Networking: Cookies, defect)

Description

[James Mason]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

Take the following two urls:

http://example.com/mywebapp
http://example.com:8080/mywebapp

A request is made to the first url and the server responds with a Set-Cookie
header that looks something like this:

Set-Cookie: JSESSIONID=82121BE7D8B9AE192901B85968216D17;Path=/mywebapp

When a request is made to the second url Firefox will send this cookie along
with the request. Since the request is going to a different
server/application/virtual host, the cookie is not valid and a new cookie is set
in the response. Every time the browser visits the other url the cookie is
reset, and with this particular cookie that means the previous session is lost.

Reproducible: Always
Steps to Reproduce:
1. Setup two copies of a web application on the same server running on different
ports.
2. Visit the first webapp and log in.
3. Visit the second webapp (don't log in).
4. Visit the first webapp again.

Actual Results:  
The session started in step 2 was lost, forcing me to log in again.

Expected Results:  
The cookie set in step 2 should not be sent with the request made in step 3.
Firefox should pay attention port number as well as the hostname and cookie path.

Comment 1

[James Mason]

Attachment: Live HTTP headers trace of an example exchange

Comment 2

[James Mason]

This was reproducable with Firefox 1.0 as well.

Comment 3

[Josh Birnbaum]

Cookies are not port-specific.  See the discussion in previous bugs, for example
bug 227475 and bug 142803

*** This bug has been marked as a duplicate of 227475 ***