[Mono-dev] HttpOnly and Expires not handled by CookieContainer.SetCookies(Uri, string)
Tom Philpot
tom.philpot at logos.com
Sun Oct 25 01:20:20 EDT 2009
While troubleshooting a web service authentication problem our app is
having, I noticed that CookieContainer.SetCookies(Uri, string) has a few
problems.
1) It assumes that the Set-Cookie header only has one cookie in it, since it
does not account for several comma separated cookies (as the MSDN docs
state, and RFC 2109 section 4.2.2)
2) It does not properly set Cookie.Expires or Cookie.HttpOnly (for .NET
2.0). The current implementation will assume that expires=... specifies a
new cookie. Similarly, HttpOnly will cause the CookieContainer to throw an
exception when the cookie is being created since it assumes HttpOnly is a
cookie name with no value.
3) I also noticed most of the CookieContainer tests are marked as
"NotWorking".
Is CookieContainer really that broken, or am I missing something?
Tom
More information about the Mono-devel-list
mailing list