domain cookies not working properly.

VERIFIED DUPLICATE of bug 28956

Status

()

P3
normal
VERIFIED DUPLICATE of bug 28956
19 years ago
19 years ago

People

(Reporter: jelwell, Assigned: morse)

Tracking

Trunk
x86
All
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

19 years ago
in bug 21813 morse@netscape.com said to open up a new bug because bug 21813 was 
poorly written - it contained 3 bugs in it's description. And after careful 
inspection of the main bug that was filed "Logging on to slashdot userprofile 
doesn't work" it was shown that there is a problem with cookies, that morse 
doesn't seem to understand fully.

morse, you say that domain cookies should be sent back to all hosts of that 
domain. The cookie I get when logging into www.slashdot.org is this:

"Set-Cookie: user=encryptedData; domain=slashdot.org; path=/; expires=Sat, 
10-Mar-2001 23:09:56 GMT"

Clearly this is a domain cookie.

After a little investigation, my proxy shows me what might be happening:

"C:\Program Files\ijb-2.0.2-6\junkbstr.exe: GPC	www.slashdot.org/users.pl
C:\Program Files\ijb-2.0.2-6\junkbstr.exe: connect to: www.slashdot.org ... OK
scan: HTTP/1.1 200 OK
scan: Set-Cookie: user=encryptedData; domain=slashdot.org; path=/; expires=Sat, 
10-Mar-2001 23:09:56 GMT
scan: Set-Cookie: user=encryptedData; path=/; expires=Sat, 10-Mar-2001 23:09:56 
GMT"

looks like www.slashdot.org/users.pl is setting two cookies? is the first 
cookie, which is a domain cookie, being overwritten with the second?

Although this appears to be exactly the same data sent to mozilla from 
slashdot.org/users.pl as my proxy server demonstrates:

"C:\Program Files\ijb-2.0.2-6\junkbstr.exe: GPC	slashdot.org/users.pl
C:\Program Files\ijb-2.0.2-6\junkbstr.exe: connect to: slashdot.org ... OK
scan: HTTP/1.1 200 OK
scan: Set-Cookie: user=encryptedData; domain=slashdot.org; path=/; expires=Sat, 
10-Mar-2001 23:07:32 GMT
scan: Set-Cookie: user=encryptedData; path=/; expires=Sat, 10-Mar-2001 23:07:32 
GMT"

I'm currently using M14 w/crypto build 2000030317. although i'm marking OS to 
ALL as per bug 21813 - which this bug is really just a duplicate of.
(Reporter)

Comment 1

19 years ago
Note: Netscape 4.61 is doing the same thing as mozilla - asking me to log in to 
both www.slashdot.org and slashdot.org.
Internet Explorer: 4.72 (4.0) shows me log into both www.slashdot.org and 
slashdot.org after logging into only www.slashdot.org.
(Assignee)

Comment 2

19 years ago
Believe me, morse fully understands all too well. ;-)

From what you are describing above, you indeed have at least one domain cookie.  
BTW, there is an error in the way your site is setting it -- it should be 
"domain=.slashdot.org" with a leading dot in the domain name.  But our browser 
will handle that properly in spite of the error.

There is another error involved here.  Namely that netscape browsers have never 
considered X.Y to be in the .X.Y domain.  So host slashdot.org is not in the 
.slashdot.org domain.  This is a correct behavior on the part of the 
browser.  See the detailed discussion in bug report 28956.  What is being 
reported here is a dup of that bug.

Note that even though the browser is behaving correctly, you will note from the 
discussion in bug 28956 that we have agreed to change the browser's behavior to 
allow for this situation.

*** This bug has been marked as a duplicate of 28956 ***
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → DUPLICATE

Comment 3

19 years ago
verified DUP
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.