Closed
Bug 293750
Opened 19 years ago
Closed 19 years ago
Cookie-Set: Header is not honored
Categories
(Core :: Networking: Cookies, defect)
RESOLVED
INVALID
People
(Reporter: Nikolaus, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)

Opening the page should set the IMAIL_TEST_COOKIE. I got the following line with Ethereal:

Set-Cookie: IMAIL_TEST_COOKIE=test; expires=Thu, 12 May 2005 12:09:05 GMT; path=/; domain=www.rath.org

However, the cookie is not set (checked as well with the cookie manager). I've customized Firefox to accept every cookie with no exceptions. I also tried to purge my entire configuration in ~/.mozilla. After a fresh start, the cookie was set but after some days (I didn't change anything) it stopped working again. I can't reproduce the behaviour with the same browser version on a different system. The failure only occurs on this system.

Reproducible: Sometimes

Steps to Reproduce:
Comment 1 (Reporter)•19 years ago
After having ordered my thoughts for writing the bug report, I just managed to narrow the problem down. Sorry for that. The problematic URL is http://ebox.rath.org/iloha/ while http://www.rath.org/iloha/ works fine (this machine used a different bookmark than the other). In both cases the cookie is set with domain=www.rath.org. If the URI is ebox.rath.org, the cookie is then ignored. However, I'm still not sure if that is correct behaviour. After all, I instructed Firefox to accept cookies from *all* websites and not just the originating one.
Comment 2•19 years ago
It would be a security hole if one website could set a cookie for another. So when you set the browser to accept all cookies, that really just means all cookies that are legal according to the RFC (give or take, enforcing the RFC requirements exactly would break too many websites). Now then, domain=www.rath.org is invalid, you really mean domain=.www.rath.org (and that is how the browser interprets it, with the leading dot). But domain=.rath.org would be more useful here, so that all rath.org servers could read the cookie value. Marking invalid.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Component: General → Networking: Cookies
Product: Firefox → Core
Resolution: --- → INVALID
Version: unspecified → Trunk
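
The rejection discussed in this bug, as an added example that is not code from the bug report or from Mozilla: a sketch of the Domain attribute rules as written down in RFC 6265 (published after this bug was closed), run against the header from the report. The function names are hypothetical, and the public suffix check is left out because it needs external data.

```javascript
// Added example: Domain attribute handling in the style of RFC 6265
// (sections 5.1.3, 5.2.3, 5.3). Function names are hypothetical. The public
// suffix check (rejecting e.g. Domain=org) needs external data and is omitted.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Lower-case the attribute value and drop one leading dot.
function canonicalDomainAttr(value) {
  const v = value.trim().toLowerCase();
  return v.startsWith(".") ? v.slice(1) : v;
}

// True if `host` equals `domain` or is a subdomain of it on a label boundary.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  if (IPV4.test(host) || host.includes(":")) return false; // IP literal: exact only
  return host.endsWith("." + domain);
}

// What a user agent does with the Domain attribute of a Set-Cookie header
// received in a response from `requestHost`.
function evaluateSetCookieDomain(requestHost, setCookieHeader) {
  let domainAttr = "";
  for (const attr of setCookieHeader.split(";").slice(1)) {
    const [name, ...rest] = attr.split("=");
    if (name.trim().toLowerCase() === "domain") {
      domainAttr = canonicalDomainAttr(rest.join("=")); // last Domain wins
    }
  }
  const host = requestHost.toLowerCase();
  if (domainAttr === "") return { accepted: true, hostOnly: true, domain: host };
  if (!domainMatch(host, domainAttr)) {
    return { accepted: false, reason: `${host} does not domain-match ${domainAttr}` };
  }
  return { accepted: true, hostOnly: false, domain: domainAttr };
}

// Would a stored cookie be attached to a request for `host`?
function cookieSentTo(cookie, host) {
  host = host.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Header from the report, then a constructed variant using the parent domain.
const REPORTED = "IMAIL_TEST_COOKIE=test; expires=Thu, 12 May 2005 12:09:05 GMT; path=/; domain=www.rath.org";
const PARENT = "IMAIL_TEST_COOKIE=test; path=/; domain=.rath.org"; // constructed
console.log(evaluateSetCookieDomain("ebox.rath.org", REPORTED)); // rejected
console.log(evaluateSetCookieDomain("www.rath.org", REPORTED));  // accepted
console.log(evaluateSetCookieDomain("ebox.rath.org", PARENT));   // accepted for rath.org
```

The suffix comparison is made on a label boundary, so a host such as evilrath.org does not match rath.org; a server that omits Domain entirely gets a host-only cookie that is returned to that exact host and no sibling.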