[Mono-bugs] [Bug 76906][Wis] New - HttpCookie Secure Property Does Not Set

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Sat Dec 3 22:52:24 EST 2005 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by monobugzilla at yellowguppy.com.

http://bugzilla.ximian.com/show_bug.cgi?id=76906

--- shadow/76906	2005-12-03 22:52:24.000000000 -0500
+++ shadow/76906.tmp.31375	2005-12-03 22:52:24.000000000 -0500
@@ -0,0 +1,114 @@
+Bug#: 76906
+Product: Mono: Class Libraries
+Version: 1.1
+OS: GNU/Linux [Other]
+OS Details: Debian Testing
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Wishlist
+Component: Sys.Web
+AssignedTo: gonzalo at ximian.com                            
+ReportedBy: monobugzilla at yellowguppy.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: HttpCookie Secure Property Does Not Set
+
+Description of Problem:
+When creating cookies using the Response.Cookies objects, I set the Secure
+flag on the HttpCookie but this flag does not update correctely and it
+seems to always default to Secure being true.
+
+The debian packages that I have installed are..
+
+ii  mono                       1.1.10-1       Mono CLI (.NET) runtime
+ii  mono-apache-server         1.1.10-0pre2   backend for mod_mono Apache
+module
+ii  mono-assemblies-base       1.1.10-1       Mono class library -
+transistion package
+ii  mono-classlib-1.0          1.1.10-1       Mono class library (1.0)
+ii  mono-classlib-2.0          1.1.10-1       Mono class library (2.0)
+ii  mono-common                1.1.10-1       common files for Mono
+ii  mono-gmcs                  1.1.10-1       Mono C# 2.0 compiler
+ii  mono-jit                   1.1.10-1       fast CLI (.NET) JIT compiler
+for Mono
+ii  mono-mcs                   1.1.10-1       Mono C# compiler
+ii  mono-xsp                   1.0.5-2        simple web server to run
+ASP.NET application
+ii  mono-xsp-base              1.1.10-0pre2   base libraries for XSP 1.1
+ii  mono-xsp2-base             1.1.10-0pre2   base libraries for XSP 2.0
+
+Steps to reproduce the problem:
+1. Create a aspx page with the following function, on a non-ssl ms server
+and non-ssl mono server
+
+private void Page_Load(object sender, System.EventArgs e)
+{
+
+this.Response.Cookies["test"].Value =
+Convert.ToString(System.DateTime.Now.Ticks);
+this.Response.Cookies["test"].Secure = this.Context.Request.IsSecureConnection;
+this.Response.Cookies["test"].Path = this.Context.Request.ApplicationPath;
+
+if (this.Response.Cookies["test"].Secure ==
+this.Context.Request.IsSecureConnection) 
+{
+this.Response.Write("Secure value of cookie1 was set correctely<br>");
+this.Response.Write("cookie:" + this.Response.Cookies["test"].Secure + "<br>");
+this.Response.Write("request:" + this.Context.Request.IsSecureConnection +
+"<br>");
+} 
+else 
+{
+this.Response.Write("Secure value of cookie1 was NOT set correctely<br>");
+this.Response.Write("cookie:" + this.Response.Cookies["test"].Secure + "<br>");
+this.Response.Write("request:" + this.Context.Request.IsSecureConnection +
+"<br>");
+}
+
+System.Web.HttpCookie cookie2 = new System.Web.HttpCookie("test2");
+cookie2.Secure = this.Context.Request.IsSecureConnection;
+cookie2.Path = this.Context.Request.ApplicationPath;
+this.Response.Cookies.Add(cookie2);
+
+if (this.Response.Cookies["test2"].Secure ==
+this.Context.Request.IsSecureConnection) 
+{
+this.Response.Write("Secure value of cookie2 was set correctely<br>");
+this.Response.Write("cookie:" + this.Response.Cookies["test"].Secure + "<br>");
+this.Response.Write("request:" + this.Context.Request.IsSecureConnection +
+"<br>");
+} 
+else 
+{
+this.Response.Write("Secure value of cookie2 was NOT set correctely<br>");
+this.Response.Write("cookie:" + this.Response.Cookies["test"].Secure + "<br>");
+this.Response.Write("request:" + this.Context.Request.IsSecureConnection +
+"<br>");
+}
+}
+
+2. The MS runtime should allow updates to the Secure property.
+
+Output:
+Secure value of cookie1 was set correctely
+cookie:False
+request:False
+Secure value of cookie2 was set correctely
+cookie:False
+request:False
+
+3. The mono runtime should will not update the Secure property.
+
+Output:
+Secure value of cookie1 was NOT set correctely
+cookie:True
+request:False
+Secure value of cookie2 was NOT set correctely
+cookie:True
+request:False
+
+How often does this happen? 
+consistently

More information about the mono-bugs mailing list