hosed cookie handling
Dirk Mueller
mueller at kde.org
Mon Dec 23 12:32:53 GMT 2002
On Sam, 21 Dez 2002, Waldo Bastian wrote:
> I'm pretty sure IE implements netscape cookies, maybe you mean that IE
> implements netscape cookies differently from the netscape spec wrt the path
> check?
Yes. No browser implements the netscape spec AFAIK.
> I don't understand what you mean with "IE - compatible" mode though, from the
> look of our patch it seems very incompatible with everything else.
Well, did you try it ? IE only allows "." (besides ?, #, etc which we handle
differently anyway) to follow in the path.
> > In addition, at least mailman registered the cookie with path ==
> > "/mailman/", so the path check had an off-by-one.
> The path check is ok for path == "/mailman", it requires an additional check
> to handle path == "/mailman/".
The check you committed appears bogus. now /mailman0/ is accepted as valid
path for /mailman/ I think.
> The toplevel domain is ".name". I assume that what you mean is that
> "mueller.name" should also be treated as a toplevel domain in order to
> prevent "dirk.mueller.name" from setting a cookie for "mueller.name" so that
> it doesn't end up with "karin.mueller.name".
correct. <foobar>.name is the toplevel domain, similiar to co.uk etc.
--
Dirk (received 233 mails today)
More information about the kfm-devel
mailing list