PATCH: Cookies for fully-qualified subdomains
Dawit A.
adawit at kde.org
Tue Dec 2 06:51:55 GMT 2003
On Tuesday 02 December 2003 01:25, John Firebaugh wrote:
> This patch fixes the following:
>
> dcop kcookiejar kcookiejar addCookies 'http://www.foo.com/' \
> 'Set-Cookie: FOO=bar; domain=.www.foo.com' 100
This is illegal. 'www.foo.com' is not allowed to set a cookie for any of its
sub domains! Even subdomains are only allowed to set cookie for their
immediate top-level domain, i.e. 'subdomain.www.foo.com' can set cookie for
'.www.foo.com', but not for '.foo.com'. So as not to completely discard such
invalid cookies, the cookiejar will accept the above cookie, but it will
compeltely ignore the "domain=" parameter. This means the cookie will only be
sent to the actual host (www.foo.com) that set it in the first place.
> dcop kcookiejar kcookiejar findCookies 'http://www.foo.com' 100
> -> Cookie: FOO=bar
Right.
> dcop kcookiejar kcookiejar findCookies 'http://subdomain.www.foo.com' 100
> -> Nothing
This is the correct behvaior for the reason explained above...
--
Regards,
Dawit A.
"Preach what you practice, practice what you preach"
More information about the kde-core-devel
mailing list