Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P2: Important
Fix Version/s: 5.11.1
Affects Version/s: 5.5.1, 5.6.0
Component/s: Network: Cookies
Labels:
- Reported_by_support_standard

Commits:
51e14787d5c31a6397dbc43a134397f9bec8c6b3

Description

When a cookie header does not have a domain set then it falls back to the host but this can cause a problem when being validated. For example in the following cookie header case:

HTTP/1.1 200 OK
*Set-Cookie: Genero-SID=7a429c67a722aa98ea5191fe0812acd6; Path=/; HttpOnly *
Server: GAS/3.00.10-150029(__l32xl212)
Content-Type: text/plain
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
Transfer-Encoding: chunked

Then if this "Genero-SID" cookie is sent from a server on host "support" or "foo" without specifying whole name in the url, like http://support:80/some_url (and NOT http://support.com:80/some_url) Then the cookie will not be validated correctly, even though it should be based on the standard in this case.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Mårten Nordheim

Reporter:: Andy Shaw

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22 Mar '16 07:46

Updated:: 02 May '18 10:31

Resolved:: 02 May '18 10:31

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

Stop rejecting cookies which have a domain that matches a TLD: Gerrit Review: