Closed
Bug 58497
Opened 24 years ago
Closed 21 years ago
2nd level domains can't set cookies.
Categories
(Core :: Networking: Cookies, defect, P3)
Tracking
()
VERIFIED
FIXED
Future
People
(Reporter: jud, Assigned: dwitte)
Details
(Keywords: testcase)
Sorry, no test case. if I goto www.foo.com which sets the following cookie: set-cookie: foo=bar; domain=foo.com That cookie will be rejected because mozilla's cookie impl enforces the 2-dot rule (correctly) for domain checking. However this seems pretty silly considering that the vast majority of web content is only 2 levels deep, and "foo.com" and ".foo.com" are ultimately the same.
Comment 1•24 years ago
|
||
Is this cookie accepted in 4.x?
Reporter | ||
Comment 2•24 years ago
|
||
no, but IE accepts it.
Comment 3•24 years ago
|
||
And I believe that IE had other problems because of this. I'm out of context on all the details now so I can't be more specific. If you read the whole discussion in bug 8743, you'll probably find what I'm referring to. Let me know if you want me to get back up to speed on this and give you a more intelligent answer.
Updated•24 years ago
|
Status: NEW → ASSIGNED
Whiteboard: [x]
Comment 4•24 years ago
|
||
Netscape Nav triage team: this is not a Netscape beta stopper.
Keywords: nsbeta1-
Updated•24 years ago
|
Whiteboard: [x]
Updated•23 years ago
|
Target Milestone: --- → Future
Comment 5•22 years ago
|
||
I have just found a cookie for the "domain" co.uk in my Moz 1.0 cookie list. This is clearly not a good thing, and related to this bug and the referenced previous discussion. On selecting "don't allow removed cookies to be reaccepted later" of course co.uk appears on the list on the denied tab (after restarting). So a kind of patch would be to preinstall all the country-specific extensions, co.uk, org.uk .... etc etc as denied "domains".
Comment 6•22 years ago
|
||
observed on Mozilla 1.3a (build 20021126) on IRIX 6.5.17: meine.deutsche-bank.de can't set a cookie needed for login to online banking Preferences/.../Enable all cookies is set Mozilla 1.2b works well on this point.
Comment 7•22 years ago
|
||
The deutche-bank problem is covered in bug 171235. It's not a mozilla problem but rather an error on the deutche-bank website.
Cookieset to Mozilla: Set-Cookie: Login=1; domain=foo.de; path=/ set a Cookie with Domain ".foo.de" First Char is a DOT if you send Set-Cookie: Login=1; path=/ from the same Server the Domain is correct set as "foo.de" 1.2 works correct, 1.3 until 1.4 Gecko/20030529 have this error
->dwitte
Assignee: morse → dwitte
Status: ASSIGNED → NEW
Assignee | ||
Comment 10•21 years ago
|
||
this was fixed during the cookie rewrite in 1.4.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 11•21 years ago
|
||
VERIFIED: per dwitte. I'll add a testcase. I'm behind, so I'll ask here... domain=foo.com is okay. domain=.com or domain=com is not. right?
Assignee | ||
Comment 12•21 years ago
|
||
correct - the domain must have > one embedded dot (irrelevant of leading/trailing dots). thx benc!
You need to log in
before you can comment on or make changes to this bug.
Description
•