User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 www.fictitious-site.co.uk is able to set a cookie scoped to the domain '.co.uk', which is then sent in a request to view www.another-fictitious-site.co.uk, or indeed any other .co.uk site. This may also apply to other domains other than .co.uk - other domains have not been tested. Reproducible: Always Steps to Reproduce: 1. visit http://www.garytomlinson.co.uk/cookies/ 2. enter a cookie name and a cookie value, click submit 3. click the resulting link or go to http://www.focusforsale.pwp.blueyonder.co.uk/ Actual Results: The cookie you created on the first .co.uk site is accessible to the second. Expected Results: Cookies should not be able to be set for the .co.uk domain. 3 periods are required in domains except for limited few (.com, .net etc).
*** This bug has been marked as a duplicate of 252342 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.