Bug #3195

Cookies subdomain rules are incorrect

Added by Wain . over 3 years ago. Updated over 3 years ago.

Status:FixedStart date:08/05/2016
Priority:NormalDue date:
Assignee:Andreas Smas% Done:

100%

Category:General
Target version:-
Found in version:5.0.355 Platform:Linux

Description

According to RFC 6265, Cookie set with Domain=.example.com or Domain=example.com (with NO leading dot, this is also valid) should also be set to the requests to x.example.com and y.x.example.com.
In the current implementation of HTTP engine in Movian, cookies with domain=.example.com do work on requests to x.example.com, but DO NOT work on requests to y.x.example.com and further nested subdomains.

How to reproduce:
1. Set some cookies for domain .example.com
2. Make a request to x.example.com
3. Make a request to y.x.example.com

Expected result:
Requests made on steps 2 and 3 have the same set of cookies. I've checked this behavior in every major browser.

Actual result:
Request made on step 2 has the expected set of cookies, request made on step 3 has none.

I've also attached the log showing the real requests and a picture of Chrome DevTools showing domain value for each cookie.

movian.log (6.05 KB) Wain ., 08/05/2016 10:24 PM

log.JPG (49.1 KB) Wain ., 08/05/2016 10:25 PM

Associated revisions

Revision ed9847f6
Added by Andreas Smas over 3 years ago

http/client: Remove ancient cookie rejection mechanism that are no longer applicable

Fixes #3195

Change included in version 5.0.357

History

#1 Updated by Andreas Smas over 3 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Also available in: Atom PDF