[Mono-bugs] [Bug 65878][Nor] New - HttpWebResponse doesn't add cookie path

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Mon, 13 Sep 2004 14:26:34 -0400 (EDT)


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by lewing@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=65878

--- shadow/65878	2004-09-13 14:26:34.000000000 -0400
+++ shadow/65878.tmp.4944	2004-09-13 14:26:34.000000000 -0400
@@ -0,0 +1,50 @@
+Bug#: 65878
+Product: Mono: Class Libraries
+Version: unspecified
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: System
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: lewing@ximian.com               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: HttpWebResponse doesn't add cookie path
+
+HttpWebResponse.SetCookies doesn't set the cook path by default.  It should
+set the new cookies path to the path of the requested uri. I'll quote the
+relavent bit of the RFC below just for completeness.
+
+
+RFC 2109            HTTP State Management Mechanism        February 1997
+
+
+4.3  User Agent Role
+
+4.3.1  Interpreting Set-Cookie
+
+   The user agent keeps separate track of state information that arrives
+   via Set-Cookie response headers from each origin server (as
+   distinguished by name or IP address and port).  The user agent
+   applies these defaults for optional attributes that are missing:
+
+   VersionDefaults to "old cookie" behavior as originally specified by
+          Netscape.  See the HISTORICAL section.
+
+   Domain Defaults to the request-host.  (Note that there is no dot at
+          the beginning of request-host.)
+
+   Max-AgeThe default behavior is to discard the cookie when the user
+          agent exits.
+
+   Path   Defaults to the path of the request URL that generated the
+          Set-Cookie response, up to, but not including, the
+          right-most /.
+
+   Secure If absent, the user agent may send the cookie over an
+          insecure channel.