[http-state] Cookie path and trailing "/"

Zhong Yu

Apr 1, 2013, 9:01:40 PM
to aba...@eecs.berkeley.edu, Barry Leiba, Pete Resnick, Jeff....@kingsmountain.com, http-...@ietf.org
Hello cookie masters,

In the following example of an HTTP response, two cookies are set which differ in the trailing slash of the Path attribute

    HTTP/1.1 200 OK
    Set-Cookie: n=v1; Path=/abc
    Set-Cookie: n=v2; Path=/abc/

According to RFC6265, these are two distinct cookies. And cookie#2 is not applicable to request-path "/abc".

In my tests, IE and Chrome conform to these requirements. My question is, are these requirements as intended? What was the reason behind them?

On Firefox the two cookies are also treated as distinct cookies; however Firefox erroneously sends cookie#2 for request-path "/abc". Should that be considered a bug?

Thanks,
Zhong Yu

Adam Barth

Apr 1, 2013, 9:07:31 PM
to Zhong Yu, Pete Resnick, Barry Leiba, http-state
On Mon, Apr 1, 2013 at 6:01 PM, Zhong Yu <zhong...@gmail.com> wrote:
> Hello cookie masters,
>
> In the following example of an HTTP response, two cookies are set which differ in the trailing slash of the Path attribute
>
> HTTP/1.1 200 OK
> Set-Cookie: n=v1; Path=/abc
> Set-Cookie: n=v2; Path=/abc/
>
> According to RFC6265, these are two distinct cookies. And cookie#2 is not applicable to request-path "/abc".
>
> In my tests, IE and Chrome conform to these requirements. My question is, are these requirements as intended?

Yes.

> What was the reason behind them?

Based on our testing at the time, it was the most widely implemented behavior.

> On Firefox the two cookies are also treated as distinct cookies; however Firefox erroneously sends cookie#2 for request-path "/abc". Should that be considered a bug?

If Firefox changes its behavior to match the spec, it will be more
interoperable with other user agents, which seems like a good thing.

Adam
_______________________________________________
http-state mailing list
http-...@ietf.org
https://www.ietf.org/mailman/listinfo/http-state

Zhong Yu

Apr 1, 2013, 9:18:48 PM
to Adam Barth, Pete Resnick, Barry Leiba, http-state
Cool, I'll file a bug to Firefox.

Zhong Yu

Apr 1, 2013, 9:28:35 PM
to Adam Barth, Pete Resnick, Barry Leiba, http-state
Never mind, there's already a bug - https://bugzilla.mozilla.org/show_bug.cgi?id=537207

I agree with Dan Witte that it's probably not a big deal, usually a server application will consistently use one of the two forms (if the application uses non-"/" Paths at all).

Zhong Yu
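
The behaviour discussed in this thread, as an added example that is not part of the original messages: the RFC 6265 path-match rule (section 5.1.4) and name/domain/path cookie identity, applied to the two Set-Cookie lines from the first message. The `CookieJar` class, the `demo` function and the host `example.test` are hypothetical, and domain matching is simplified to exact host equality.

```javascript
// RFC 6265 section 5.1.4 path-match: does cookiePath cover requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;            // identical paths
  if (!requestPath.startsWith(cookiePath)) return false;  // must be a prefix
  if (cookiePath.endsWith("/")) return true;              // prefix ending in "/"
  return requestPath[cookiePath.length] === "/";          // next char is "/"
}

// Minimal jar (hypothetical helper). A cookie is identified by
// name + domain + path, so Path=/abc and Path=/abc/ are two entries.
class CookieJar {
  constructor() { this.store = new Map(); this.seq = 0; }

  set(domain, name, value, path) {
    const key = JSON.stringify([name, domain, path]);
    const prev = this.store.get(key);
    // Replacing an existing cookie keeps its original creation order.
    const created = prev ? prev.created : this.seq++;
    this.store.set(key, { domain, name, value, path, created });
  }

  // Build the Cookie header value: longer paths first, then older cookies.
  cookieHeader(domain, requestPath) {
    return [...this.store.values()]
      .filter(c => c.domain === domain && pathMatches(requestPath, c.path))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Constructed input: the two Set-Cookie lines from the first message.
function demo() {
  const jar = new CookieJar();
  jar.set("example.test", "n", "v1", "/abc");
  jar.set("example.test", "n", "v2", "/abc/");
  const result = {};
  for (const p of ["/abc", "/abc/", "/abc/d", "/abcd"]) {
    result[p] = jar.cookieHeader("example.test", p);
  }
  return result;
}

console.log(demo());
```

For request-path "/abc/" the header carries both `n=v2` and `n=v1`, and the Cookie header itself does not say which Path each value came from.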
