PATCH: Cookies for fully-qualified subdomains
John Firebaugh
jfirebaugh at kde.org
Tue Dec 2 22:30:38 GMT 2003
On Monday 01 December 2003 10:51, Dawit A. wrote:
> On Tuesday 02 December 2003 01:25, John Firebaugh wrote:
> > This patch fixes the following:
> >
> > dcop kcookiejar kcookiejar addCookies 'http://www.foo.com/' \
> > 'Set-Cookie: FOO=bar; domain=.www.foo.com' 100
>
> This is illegal. 'www.foo.com' is not allowed to set a cookie for any of
> its sub domains! Even subdomains are only allowed to set cookie for their
> immediate top-level domain, i.e. 'subdomain.www.foo.com' can set cookie for
> '.www.foo.com', but not for '.foo.com'. So as not to completely discard
> such invalid cookies, the cookiejar will accept the above cookie, but it
> will compeltely ignore the "domain=" parameter. This means the cookie will
> only be sent to the actual host (www.foo.com) that set it in the first
> place.
How do you explain the following then?
dcop kcookiejar kcookiejar addCookies 'http://www.foo.com/' 'Set-Cookie:
FOO=bar; domain=.foo.com' 100
dcop kcookiejar kcookiejar findCookies 'http://www.foo.com' 100
-> Cookie: FOO=bar
dcop kcookiejar kcookiejar findCookies 'http://subdomain.www.foo.com' 100
-> Cookie: FOO=bar
dcop kcookiejar kcookiejar addCookies 'http://subdomain.www.foo.com/'
'Set-Cookie: FOO=baz; domain=.foo.com' 100
dcop kcookiejar kcookiejar findCookies 'http://www3.foo.com' 100
-> Cookie: FOO=baz
dcop kcookiejar kcookiejar findCookies 'http://subdomain2.www.foo.com' 100
-> Cookie: FOO=baz
-John
More information about the kde-core-devel
mailing list