Root domain cookie returned over more specific subdomain cookie




Networking: Cookies
12 years ago
10 months ago


(Reporter: Bill, Unassigned)


1.8 Branch
Windows Server 2003

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [necko-would-take])



12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

If you have the URLs and which share a commonly named cookie, the cookie for will always be returned, even when browsing from  The cookie domain is correctly being set for each site's cookie.

IE returns the correct cookie, as expected.

Reproducible: Always

Steps to Reproduce:
1. Create a simple page that A) Displays the cookie from B, if available; B) Sets a cookie with Cookiedomain equal to the current URL and expiration set to 1+ days.  The cookie value should be set to the browsed URL so that it's clear who set the cookie on subsequent reads.

2. Modify hosts file to include and, both pointing to the same page.
3. Browse each page.
4. Restart Browsers.
5. Browse each page.

Expected Results:  
The page should respond with a value of (From the subdomain cookie).  The page should similarly respond with a value of (From the root domain cookie)
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Version: unspecified → 1.8 Branch

Comment 1

8 years ago
Using FF 3.6.13, the cookie sharing (leakage?) bug is still present.

IIRC there was a claim that FF implemented RFC 2109.  According to Section 2 "Terminology":

Host names can be specified either as an IP address or a FQHN string.  Sometimes we compare one host name with another.  Host A's name domain-matches host B's if


   * A is a FQDN string and has the form NB, where N is a non-empty name
     string, B has the form .B', and B' is a FQDN string.  (So,
     domain-matches but not
Whiteboard: [necko-would-take]
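
An added example, not part of the bug report or of Mozilla's code: the RFC 2109 domain-match rule quoted in Comment 1, applied to a small cookie jar to flag cookie names that collide for one request host. The host names `example.test` and `sub.example.test`, the cookie name `site`, and both jar layouts are constructed assumptions.

```javascript
// Added example. Host names, cookie name and jar contents are constructed.

function isIPv4(s) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(s);
}

// RFC 2109 section 2: does host name `a` domain-match `b`?
function domainMatches(a, b) {
  a = a.toLowerCase();
  b = b.toLowerCase();
  if (a === b) return true; // identical IP addresses or identical FQDNs
  if (isIPv4(a) || !b.startsWith(".")) return false;
  // a has the form N + b with N non-empty, and b = "." + B'
  return a.length > b.length && a.endsWith(b);
}

// Jar entries whose stored domain the request host domain-matches.
function cookiesFor(host, jar) {
  return jar.filter((c) => domainMatches(host, c.domain));
}

// Cookie names that more than one matching entry carries for `host`.
function collidingNames(host, jar) {
  const byName = new Map();
  for (const c of cookiesFor(host, jar)) {
    byName.set(c.name, [...(byName.get(c.name) || []), c.domain]);
  }
  return [...byName]
    .filter(([, domains]) => domains.length > 1)
    .map(([name, domains]) => ({ name, domains }));
}

// Assumption: both cookies stored host-only (Domain defaulted to the request host).
const hostOnlyJar = [
  { name: "site", value: "example.test", domain: "example.test" },
  { name: "site", value: "sub.example.test", domain: "sub.example.test" },
];

// Assumption: the root cookie carries an explicit Domain (leading dot).
const domainJar = [
  { name: "site", value: "example.test", domain: ".example.test" },
  { name: "site", value: "sub.example.test", domain: "sub.example.test" },
];

console.log(collidingNames("sub.example.test", hostOnlyJar));
console.log(collidingNames("sub.example.test", domainJar));
```

RFC 2109 orders matching cookies in the Cookie header by Path specificity only, so when two same-name, same-path cookies both match, which value a page reads depends on the browser's ordering.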