Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-52040

When a cookie header does not have a domain set then it falls back to the host but this can cause a problem when being validated

    XMLWordPrintable

Details

    • 51e14787d5c31a6397dbc43a134397f9bec8c6b3

    Description

      When a cookie header does not have a domain set then it falls back to the host but this can cause a problem when being validated. For example in the following cookie header case:

      HTTP/1.1 200 OK
      *Set-Cookie: Genero-SID=7a429c67a722aa98ea5191fe0812acd6; Path=/; HttpOnly *
      Server: GAS/3.00.10-150029(__l32xl212)
      Content-Type: text/plain
      Cache-Control: no-cache
      Expires: -1
      Pragma: no-cache
      Transfer-Encoding: chunked
      

      Then if this "Genero-SID" cookie is sent from a server on host "support" or "foo" without specifying whole name in the url, like http://support:80/some_url (and NOT http://support.com:80/some_url) Then the cookie will not be validated correctly, even though it should be based on the standard in this case.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            manordheim MÃ¥rten Nordheim
            andysh Andy Shaw
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes