Closed Bug 469678 Opened 16 years ago Closed 5 years ago

Default Cookie Path includes trailing slash

Categories

(Core :: Networking: Cookies, defect, P3)

Product:
Core
Component:
Networking: Cookies
Platform:
PowerPC
macOS
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: dieter, Unassigned)

Details

(Whiteboard: [necko-backlog]) 

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

Per RFC 2109 the default path of a cookie when set by Set-Cookie is:
Defaults to the path of the request URL that generated the Set-Cookie response, up to, but not including, the right-most /.

Firefox includes the right-most slash. In our application it broke compatibility with other browsers. The workaround for application developers is easy: set an explicit cookie path. Unfotunately for end-users there is no work around.

RFC 2965 changes this behaviour but that is for the Set-Cookie2 header.

Reproducible: Always

Steps to Reproduce:
1. get a cookie from a URL that is like /foo/bar. Do not set an explicit path.
Actual Results:  
/foo/ will be set as cookie path.

Expected Results:  
/foo should be set as path

http://tools.ietf.org/html/rfc2109
http://tools.ietf.org/html/rfc2965
Component: General → Networking: Cookies
Product: Firefox → Core
QA Contact: general → networking.cookies
Whiteboard: [necko-backlog]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P1 → P3

https://wpt.fyi/results/cookies/http-state/path-tests.html?label=master&product=chrome%5Bexperimental%5D&product=edge&product=firefox%5Bexperimental%5D&product=safari%5Bexperimental%5D&aligned
We fail several path tests, but we are in sync with the other browsers. For web-compact reasons I don't think we should change the current behavior. Let's close this bug as invalid.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

It seems like the latest firefox release (69.0) removes the trailing slash, where before it was present. This seems to cause problems when reading/writing cookie values, due to the path not matching.

If changed were applied, it should be noted in the release notes.

You need to log in before you can comment on or make changes to this bug.