Closed Bug 276877 Opened 20 years ago Closed 20 years ago

cookie broken for www and blank

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: steve200, Assigned: darin.moz)

Details

apologies if this is already covered, I really did try to find this error in the
existing bugs.

if www.somesite.com and somesite.com both have A records to the same webserver
and that webserver is configured with www.somesite.com and somesite.com as valid
host headers of the same logical website, internet explorer cookies do not
distinguish between the two.  Firefox does distinguish them, somesite.com and
www.somesite.com each have their own separate cookies.  Firefox breaks
session-based logins where the site is somewhat careless about using
www.somesite.com or not using somesite.com.
That's the flaw in IE's implemenation.  www.somesite.com and somesite.com are
explicitly allowed to have separate host cookies per the appropriate RFCs.  How
do you know that somesite.com and www.somesite.com are even the same site? 
Really, you don't, even though its expected.

This is not an error, this is how the RFC that defines cookies says this should
be handled.
Assignee: firefox → darin
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: firefox.general → core.networking.cookies
Version: 1.0 Branch → Trunk
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.