cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[ curl-Bugs-3404495 ] COOKIELIST producing invalid cookie.

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Mon, 05 Sep 2011 17:19:03 -0400

Bugs item #3404495, was opened at 2011-09-05 17:04
Message generated for change (Comment added) made by sitewatch
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3404495&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: wrong behaviour
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Michael Brooks (sitewatch)
Assigned to: Daniel Stenberg (bagder)
Summary: COOKIELIST producing invalid cookie.

Initial Comment:
To recreate this bug:

1)A web application sets a cookie using:
set-cookie: lang=en;

2)A programmer tries to modify this value using using setopt(), the only difference is the PATH part of the cookie. (the paths overlap such as / and /form/ but the variable name is identical)
'localhost\tFALSE\t/\tFALSE\t0\tlang\tgr'

The malformed HTTP request:
Cookie: lang=en; PHPSESSID=jnkgarlbkqmg0i9bruds97kof3; lang=gr;

This cookie value CAN NEVER HAPPEN IN A BROWSER. But more importantly why would a programmer want this? How is this behavior useful? As a user of your software i just want to modify this cookie value, but the end result is that whatever value i set is ignored because all web application platforms just pick the first cookie value. This is clearly broken.

----------------------------------------------------------------------

>Comment By: Michael Brooks (sitewatch)
Date: 2011-09-05 17:19

Message:
In step 1 the file is in /form/index.php and its being set for /form/

But at the end of the day i know i have a cookie with the variable name
"lang" (who cares about the path and flags?) And i just want to set it to
a different value, this should be easy and it should never duplicate the
value.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2011-09-05 17:14

Message:
Please help us repeat this instead of getting hostile.

First, what's the URL of the site that sets the cookie in step (1) ?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3404495&group_id=976
Received on 2011-09-05

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET