276449 - Duplicate cookies

Status: VERIFIED INVALID

(Core :: Networking: Cookies, defect)

Description

[roy]

There is a problem with the way firefox handles cookies. It sometimes happens
that the same cookie (same path, same hostname) is present more then once.

Comment 1

[Mike Connor [:mconnor]]

Please read the guidelines on reporting useful bugs.  Without a testcase/example
or steps to reproduce, this is not useful in fixing something.

It is possible that you're seeing host and domain cookies, as some people misuse
the headers and set them interchangeably.

Marking invalid, there has been bugs on this in the correct component before.

Comment 2

[roy]

Maybe the following headers will clear things up:

http://www.vanstockum.nl/language.php?id=1

GET http://www.vanstockum.nl/language.php?id=1 HTTP/1.1
Host: www.vanstockum.nl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.vanstockum.nl/top.php
Cookie: ssid=32e17117d81279f0b3c7a4af2da8ebaa; ENQID=1; LANGUAGE=0; vsid=15;
vspass=098f6bcd4621d373cade4e832627b4f6; LANGUAGE=0
Authorization: Basic cGluZTp3MGtrZWw=
Cache-Control: max-age=0

HTTP/1.x 302 Moved Temporarily
Date: Fri, 31 Dec 2004 08:16:11 GMT
Server: Apache
P3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Set-Cookie: ssid=32e17117d81279f0b3c7a4af2da8ebaa; expires=Sun, 30-Jan-2005
08:16:11 GMT; path=/; domain=.vanstockum.nl
Set-Cookie: LANGUAGE=1; expires=Sat, 31-Dec-2005 08:16:11 GMT; path=/;
domain=.vanstockum.nl
Set-Cookie: LANGUAGE=deleted; expires=Thu, 01-Jan-2004 08:16:10 GMT; path=/;
domain=www.vanstockum.nl
Location: /
Content-Type: text/html
X-Cache: MISS from office.pine.nl
Proxy-Connection: close
----------------------------------------------------------
http://www.vanstockum.nl/

GET http://www.vanstockum.nl/ HTTP/1.1
Host: www.vanstockum.nl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.vanstockum.nl/top.php
Cookie: ssid=32e17117d81279f0b3c7a4af2da8ebaa; ENQID=1; LANGUAGE=0; vsid=15;
vspass=098f6bcd4621d373cade4e832627b4f6; LANGUAGE=1
Authorization: Basic cGluZTp3MGtrZWw=
Cache-Control: max-age=0

The above is a dump from 'Live HTTP Headers'.
As you can see i am on the www.vanstockum.nl domain and i am unsetting the
LANGUAGE cookie for www.vanstockum.nl / '/' and setting the LANGUAGE cookie for
.vanstockum.nl / '/'. Yet on the next request firefox is still sending two
LANGUAGE cookies. I also had this problem with two cookies that were exactly the
same. When i use the Web Developer plugin to view my cookies i also see both
cookies there:

Name	LANGUAGE
Value	1
Host	vanstockum.nl
Path	/
Expires	Saturday, December 31, 2005 9:16:19 AM

Name	LANGUAGE
Value	0
Host	www.vanstockum.nl
Path	/
Expires	Saturday, December 24, 2005 2:27:33 PM

I tried unsetting all the cookies but could not do it serverside (i could only
remove one) and had to manually remove them.

Comment 3

[Mike Connor [:mconnor]]

You realize that host cookies for www.vanstockum.nl and vanstockum.nl aren't
duplicates, right?  If they're both host cookies, as the end of your comment
indicates, then that's allowed per spec.

However, the HTTP headers indicate that you're setting a domain cookie for
.vanstockum.nl which, again, is acceptable per spec.