Closed Bug 414582 Opened 17 years ago Closed 4 years ago

Inconsistent path matching for cookie path prefixes

Categories

(Core :: Networking: Cookies, defect, P3)

x86
Windows XP
defect

RESOLVED INVALID

People

(Reporter: webreg, Unassigned)

Details

(Whiteboard: [necko-backlog])

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11

Assume a URL http://foo.com/fooBar that sets a cookie with the path /foo. The cookie is accepted, since /fooBar and /foo path-match as of RFC 2965 paragraph 1.
The cookie is properly sent back to the server when accessing /foo, /foo/, /foo/bar, /foo/bar/... etc. However, it seems the cookie is NOT sent to the server when accessing /fooBar again, even though it should be as of my understanding of paragraph 3.3.4 of the RFC.
I have confirmed that the problem is in the browser rather than the server using FireBug + Web Developer plugins.

Reproducible: Always

Steps to Reproduce:
1. Make request to /fooBar
2. /fooBar sets cookie with path /foo which is accepted.
3. Make request to /fooBar again. Cookie is not sent.

Actual Results:
Cookie with path-matching path is not sent. Firefox seems to assume the path must actually be a path, and the requested URI may not be a "sibling" to the cookie path.

Expected Results:  
Cookies with path-matching according to RFC 2965 should be sent. "For two strings that represent paths, P1 and P2, P1 path-matches P2 if P2 is a prefix of P1 (including the case where P1 and P2 string-compare equal)."
By the way, Internet Explorer 6 and Opera 9 behave as expected.

sounds like a core bug.
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies

do you also see this on trunk (firefox 3 beta), or have you only tested branch?

regardless, the code for path matching hasn't changed in a long time:
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/netwerk/cookie/src/nsCookieService.cpp&rev=1.86&mark=1166-1175#1166

we do a substring match, per spec, so something nonobvious is going on here. can you create a cookie log (instructions at http://developer.mozilla.org/en/docs/Creating_a_Cookie_Log), demonstrating the problem, and attach it here?

Summary: Inconsisten path matching for cookie path prefixes → Inconsistent path matching for cookie path prefixes

Attached file Cookie log
Cookie log attached.
Also tested FF 3b3; same problem.

According to RFC 6265 [1] section 5.1.4 cookies with /foo as path don't match the request URL /fooBar.

The expected behavior is described in the test case for the Firebug issue 5591 [2].

To summarize:
Making a request to http://foo.com/fooBar/myScript would result in the following:

cookie-path        matches according to RFC 6265?   matches in FF 16.0a1?
/fooBar            yes                              yes
/fooBar/           yes                              yes
/fooBar/my         no                               no
/fooBar/myScript   yes                              yes
/fooBar/myScript/  no                               yes

Sebastian

[1] http://tools.ietf.org/html/rfc6265#section-5.1.4
[2] http://code.google.com/p/fbug/issues/detail?id=5591
Whiteboard: [necko-backlog]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P1 → P3

Invalid. See comment #5

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID

For clarification to the ones following this bug, the last case of comment 5 (/fooBar/myScript/) works according to the RFC in Firefox 73 and does not match (anymore).

Sebastian
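
The two matching rules cited in this thread, side by side, as an added example (it is not Firefox's nsCookieService.cpp code and not part of any comment above). It runs the RFC 2965 prefix rule quoted in the report and the RFC 6265 section 5.1.4 rule over the paths mentioned in the bug; the function names are illustrative, and both paths are assumed to be non-empty and to start with "/".

```javascript
// RFC 2965: "P1 path-matches P2 if P2 is a prefix of P1" (plain string prefix).
function pathMatches2965(requestPath, cookiePath) {
  return requestPath.startsWith(cookiePath);
}

// RFC 6265 section 5.1.4: the prefix must also end on a "/" boundary.
function pathMatches6265(requestPath, cookiePath) {
  // Case 1: the two paths are identical.
  if (requestPath === cookiePath) return true;
  // Cases 2 and 3 both require cookie-path to be a prefix of request-path.
  if (!requestPath.startsWith(cookiePath)) return false;
  // Case 2: the last character of cookie-path is "/".
  if (cookiePath.endsWith("/")) return true;
  // Case 3: the first request-path character after the prefix is "/".
  return requestPath.charAt(cookiePath.length) === "/";
}

// [request-path, cookie-path] pairs taken from the report and from the
// table in the RFC 6265 comment.
const CASES = [
  ["/fooBar", "/foo"],
  ["/foo/bar", "/foo"],
  ["/fooBar/myScript", "/fooBar"],
  ["/fooBar/myScript", "/fooBar/"],
  ["/fooBar/myScript", "/fooBar/my"],
  ["/fooBar/myScript", "/fooBar/myScript"],
  ["/fooBar/myScript", "/fooBar/myScript/"],
];

// Evaluate every pair under both rules.
function compare(cases) {
  return cases.map(([requestPath, cookiePath]) => ({
    requestPath,
    cookiePath,
    rfc2965: pathMatches2965(requestPath, cookiePath),
    rfc6265: pathMatches6265(requestPath, cookiePath),
  }));
}

// Pairs where the rules disagree: the cookie would go to a sibling path
// under the prefix rule but is withheld under RFC 6265.
function disagreements(cases) {
  return compare(cases).filter((row) => row.rfc2965 !== row.rfc6265);
}

console.table(compare(CASES));
```

The rows where the two rules disagree are the sibling-path cases: /foo against /fooBar from the original report, and /fooBar/my against /fooBar/myScript from the table.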
