Inconsistent path matching for cookie path prefixes

UNCONFIRMED
Unassigned

Status

()

P3
normal
UNCONFIRMED
11 years ago
11 months ago

People

(Reporter: webreg, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [necko-backlog])

Attachments

(1 attachment)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11

Assume a URL http://foo.com/fooBar that sets a cookie with the path /foo. The cookie is accepted, since /fooBar and /foo path-matches as of RFC 2965 paragraph 1.
The cookie is properly sent back to the server when accessing /foo, /foo/, /foo/bar, /foo/bar/... etc. Although it seems the cookie is NOT sent to the server when accessing /fooBar again, even though it should as of my understanding of paragraph 3.3.4 of the RFC.
I have confirmed the the problem is in the browser rather than the server using FireBug + Web Developer plugins.

Reproducible: Always

Steps to Reproduce:
1. Make request to /fooBar
2. /fooBar sets cookie with path /foo which is accepted.
3. Make request to /fooBar again. Cookie is not sent.
Actual Results:  
Cookie with path-matching path is not sent. Firefox seems to assume the path must actually be a path, and the requested URI may not be a "sibling" to the cookie path.

Expected Results:  
Cookies with path-matching according to RFC 2965 should be sent. "For two strings that represent paths, P1 and P2, P1 path-matches P2 if P2 is a prefix of P1 (including the case where P1 and P2 string-compare equal)."
(Reporter)

Comment 1

11 years ago
By the way, Internet Explorer 6 and Opera 9 behaves as expected.

Comment 2

11 years ago
sounds like a core bug.
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies

Comment 3

11 years ago
do you also see this on trunk (firefox 3 beta), or have you only tested branch?

regardless, the code for path matching hasn't changed in a long time:
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/netwerk/cookie/src/nsCookieService.cpp&rev=1.86&mark=1166-1175#1166

we do a substring match, per spec, so something nonobvious is going on here. can you create a cookie log (instructions at http://developer.mozilla.org/en/docs/Creating_a_Cookie_Log), demonstrating the problem, and attach it here?

Updated

11 years ago
Summary: Inconsisten path matching for cookie path prefixes → Inconsistent path matching for cookie path prefixes
(Reporter)

Comment 4

11 years ago
Created attachment 303974 [details]
Cookie log

Cookie log attached.
Also tested FF 3b3; same problem.

Comment 5

6 years ago
According to RFC 6265 [1] section 5.1.4 cookies with /foo as path don't match the request URL /fooBar.

The expected behavior is described in the test case for the Firebug issue 5591 [2].

To summarize:
Making a request to http://foo.com/fooBar/myScript would result in the following:

cookie-path        matches according to RFC 6265?   matches in FF 16.0a1?
/fooBar            yes                              yes
/fooBar/           yes                              yes
/fooBar/my         no                               no
/fooBar/myScript   yes                              yes
/fooBar/myScript/  no                               yes

Sebastian

[1] http://tools.ietf.org/html/rfc6265#section-5.1.4
[2] http://code.google.com/p/fbug/issues/detail?id=5591
Whiteboard: [necko-backlog]
You need to log in before you can comment on or make changes to this bug.