cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Cookie path matching case sensitivity

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 7 Jul 2006 10:32:53 +0200 (CEST)

On Thu, 6 Jul 2006, Ates Goral wrote:

> cURL's cookie path matching seems to be case insensitive. Is this a bug or a
> design decision?

I think it looks like a bug! Nice research.

> What does the cookie spec say about this?

The problem here is that "the cookie spec" that everyone still base their
cookie works on is the old original Netscape document and it isn't very
detailed.

> Is it left to the implementation or is there a well defined standard for
> this?

Later more detailed and properly documented RFCs for cookies, like RFC 2965
says (section 3.3.3)

"the old and new Path attribute values string-compare equal
(case-sensitive)."

You up to provide us with a patch that corrects this flaw?

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html

Received on 2006-07-07

This message: [ Message body ]
Next message: Ratna Gudlavalleti: "CURLINFO_LASTSOCKET always return -1 with Https url (libcurl 7.15.4, openssl-0.9.8b)"
Previous message: Daniel Stenberg: "Re: strange behavior on some machines"
In reply to: Ates Goral: "Cookie path matching case sensitivity"
Next in thread: Ates Goral: "RE: Cookie path matching case sensitivity"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]