[Mono-bugs] [Bug 65864][Maj] Changed - Cookies incorrectly include path and domain information in requests
Mon, 13 Sep 2004 16:35:13 -0400 (EDT)
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by email@example.com.
--- shadow/65864 2004-09-13 15:22:43.000000000 -0400
+++ shadow/65864.tmp.8525 2004-09-13 16:35:13.000000000 -0400
@@ -31,6 +31,40 @@
VALUE = value
path = "$Path" "=" value
domain = "$Domain" "=" value
port = "$Port" [ "=" <"> value <"> ]
What spec are you referring to?
+------- Additional Comments From firstname.lastname@example.org 2004-09-13 16:35 -------
+http://www.ietf.org/rfc/rfc2109.txt defines the Set-Cookie: header and
+4.2.2 Set-Cookie Syntax
+ Required. The Version attribute, a decimal integer, identifies to
+ which version of the state management specification the cookie
+ conforms. For this specification, Version=1 applies.
+The user agent keeps separate track of state information that arrives
+ via Set-Cookie response headers from each origin server (as
+ distinguished by name or IP address and port). The user agent
+ applies these defaults for optional attributes that are missing:
+ Version Defaults to "old cookie" behavior as originally specified by
+ Netscape. See the HISTORICAL section.
+the old cookie behavior is defined by
+and that does not reply with the path information, so based on what
+I've seen in firefox and the reading of the specs, if the response
+includes a Set-Cookie: without a version attribute the Cookie should
+generate a Cookie: header that does not include the path.