[Mono-bugs] [Bug 65864][Maj] Changed - Cookies incorrectly include path and domain information in requests

bugzilla-daemon@bugzilla.ximian.com
Mon, 13 Sep 2004 16:35:13 -0400 (EDT)


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by lewing@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=65864

--- shadow/65864	2004-09-13 15:22:43.000000000 -0400
+++ shadow/65864.tmp.8525	2004-09-13 16:35:13.000000000 -0400
@@ -31,6 +31,40 @@
 VALUE           =  value
 path            =  "$Path" "=" value
 domain          =  "$Domain" "=" value
 port            =  "$Port" [ "=" <"> value <"> ]
 
 What spec are you referring to?
+
+------- Additional Comments From lewing@ximian.com  2004-09-13 16:35 -------
+http://www.ietf.org/rfc/rfc2109.txt defines the Set-Cookie: header and 
+4.2.2  Set-Cookie Syntax
+says 
+Version=version
+      Required.  The Version attribute, a decimal integer, identifies to
+      which version of the state management specification the cookie
+      conforms.  For this specification, Version=1 applies.
+
+and
+
+The user agent keeps separate track of state information that arrives
+   via Set-Cookie response headers from each origin server (as
+   distinguished by name or IP address and port).  The user agent
+   applies these defaults for optional attributes that are missing:
+
+   Version Defaults to "old cookie" behavior as originally specified by
+          Netscape.  See the HISTORICAL section.
+
+
+the old cookie behavior is defined by 
+
+http://home.netscape.com/newsref/std/cookie_spec.html
+
+
+and that does not reply with the path information, so based on what
+I've seen in firefox and the reading of the specs, if the response
+includes a Set-Cookie: without a version attribute the Cookie should
+generate a Cookie: header that does not include the path.
+
+
+
+
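Review bot: the conclusion in the last added paragraph names only the path, while the bug title covers both path and domain and the grammar in the context lines also lists "$Domain" and "$Port"; the comment should say whether a Set-Cookie: without a Version attribute is expected to yield a Cookie: header that omits all three. The only evidence cited for the observed behaviour is "what I've seen in firefox", so attaching the exact Set-Cookie: response and the resulting Cookie: request from that test would let the fix be checked against something concrete.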