Bug #3195
Cookies subdomain rules are incorrect
| Status: | Fixed | Start date: | 08/05/2016 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Andreas Smas | % Done: | 100% | |
| Category: | General | |||
| Target version: | - | |||
| Found in version: | 5.0.355 | Platform: | Linux |
Description
According to RFC 6265, Cookie set with Domain=.example.com or Domain=example.com (with NO leading dot, this is also valid) should also be set to the requests to x.example.com and y.x.example.com.
In the current implementation of HTTP engine in Movian, cookies with domain=.example.com do work on requests to x.example.com, but DO NOT work on requests to y.x.example.com and further nested subdomains.
How to reproduce:
1. Set some cookies for domain .example.com
2. Make a request to x.example.com
3. Make a request to y.x.example.com
Expected result:
Requests made on steps 2 and 3 have the same set of cookies. I've checked this behavior in every major browser.
Actual result:
Request made on step 2 has the expected set of cookies, request made on step 3 has none.
I've also attached the log showing the real requests and a picture of Chrome DevTools showing domain value for each cookie.
Associated revisions
http/client: Remove ancient cookie rejection mechanism that are no longer applicable
Fixes #3195
History
#1
Updated by Andreas Smas over 6 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset git|ed9847f6d900807b629d2ea415907bf058d3a3b9.