in bug 21813 firstname.lastname@example.org said to open up a new bug because bug 21813 was poorly written - it contained 3 bugs in it's description. And after careful inspection of the main bug that was filed "Logging on to slashdot userprofile doesn't work" it was shown that there is a problem with cookies, that morse doesn't seem to understand fully. morse, you say that domain cookies should be sent back to all hosts of that domain. The cookie I get when logging into www.slashdot.org is this: "Set-Cookie: user=encryptedData; domain=slashdot.org; path=/; expires=Sat, 10-Mar-2001 23:09:56 GMT" Clearly this is a domain cookie. After a little investigation, my proxy shows me what might be happening: "C:\Program Files\ijb-2.0.2-6\junkbstr.exe: GPC www.slashdot.org/users.pl C:\Program Files\ijb-2.0.2-6\junkbstr.exe: connect to: www.slashdot.org ... OK scan: HTTP/1.1 200 OK scan: Set-Cookie: user=encryptedData; domain=slashdot.org; path=/; expires=Sat, 10-Mar-2001 23:09:56 GMT scan: Set-Cookie: user=encryptedData; path=/; expires=Sat, 10-Mar-2001 23:09:56 GMT" looks like www.slashdot.org/users.pl is setting two cookies? is the first cookie, which is a domain cookie, being overwritten with the second? Although this appears to be exactly the same data sent to mozilla from slashdot.org/users.pl as my proxy server demonstrates: "C:\Program Files\ijb-2.0.2-6\junkbstr.exe: GPC slashdot.org/users.pl C:\Program Files\ijb-2.0.2-6\junkbstr.exe: connect to: slashdot.org ... OK scan: HTTP/1.1 200 OK scan: Set-Cookie: user=encryptedData; domain=slashdot.org; path=/; expires=Sat, 10-Mar-2001 23:07:32 GMT scan: Set-Cookie: user=encryptedData; path=/; expires=Sat, 10-Mar-2001 23:07:32 GMT" I'm currently using M14 w/crypto build 2000030317. although i'm marking OS to ALL as per bug 21813 - which this bug is really just a duplicate of.
Note: Netscape 4.61 is doing the same thing as mozilla - asking me to log in to both www.slashdot.org and slashdot.org. Internet Explorer: 4.72 (4.0) shows me log into both www.slashdot.org and slashdot.org after logging into only www.slashdot.org.
Believe me, morse fully understands all too well. ;-) From what you are describing above, you indeed have at least one domain cookie. BTW, there is an error in the way your site is setting it -- it should be "domain=.slashdot.org" with a leading dot in the domain name. But our browser will handle that properly in spite of the error. There is another error involved here. Namely that netscape browsers have never considered X.Y to be in the .X.Y domain. So host slashdot.org is not in the .slashdot.org domain. This is a correct behavior on the part of the browser. See the detailed discussion in bug report 28956. What is being reported here is a dup of that bug. Note that even though the browser is behaving correctly, you will note from the discussion in bug 28956 that we have agreed to change the browser's behavior to allow for this situation. *** This bug has been marked as a duplicate of 28956 ***
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.