Re: [http-state] Cookie path and trailing "/"
Zhong Yu <zhong.j.yu@gmail.com> Tue, 02 April 2013 01:28 UTC
Return-Path: <zhong.j.yu@gmail.com>
X-Original-To: http-state@ietfa.amsl.com
Delivered-To: http-state@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93A9221E80A5 for <http-state@ietfa.amsl.com>; Mon, 1 Apr 2013 18:28:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.598
X-Spam-Level:
X-Spam-Status: No, score=-3.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XnXuCLMuy60X for <http-state@ietfa.amsl.com>; Mon, 1 Apr 2013 18:28:38 -0700 (PDT)
Received: from mail-oa0-f51.google.com (mail-oa0-f51.google.com [209.85.219.51]) by ietfa.amsl.com (Postfix) with ESMTP id B250C21E804A for <http-state@ietf.org>; Mon, 1 Apr 2013 18:28:38 -0700 (PDT)
Received: by mail-oa0-f51.google.com with SMTP id g12so2528254oah.10 for <http-state@ietf.org>; Mon, 01 Apr 2013 18:28:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=iTd5xkfQofRrmEbi+R0d9VdTfbugqlryq2YB9Uuz1mM=; b=i2kZ3AvsZMvv/I055u+CdIVSsZQAIfY8rnHJrZ8dS9b2AinRZcDRrmKo9dwG3HrRC9 Yse8Dd0gF+HEd8VL8uZ4sJOcfVdQAr5MtvDrUF1kS047fm0Pgnz1vRDWFKNkYCnhyVNS ZQ9gZLUuskTo+pmTNdWKMY9/HdfkJJw7HhUjaWPEGDF4RoGnOJPTppr3EJwREJ7m7MPN XSMtBwJMQDIB5qNV7p6Owc5d8qITzqSmWXzL20tvY1XJAFvHdFcTb8+3PGIRTGHG981S hhMGM9o7bUMaBXoX3m5FGms/B1yWTdYSL10A/ejNdbjnKmcuaPxPvcqVehsShG3u2k1R 9cQA==
MIME-Version: 1.0
X-Received: by 10.60.170.20 with SMTP id ai20mr4941000oec.33.1364866115345; Mon, 01 Apr 2013 18:28:35 -0700 (PDT)
Received: by 10.76.22.130 with HTTP; Mon, 1 Apr 2013 18:28:35 -0700 (PDT)
In-Reply-To: <CACuKZqFayF+aZOhv3dJm2ds6YoU=Z+kDHNu2A467oHAzH2aDxQ@mail.gmail.com>
References: <CACuKZqFvJ5avoyZ6KT_nhjF6LBm4xKH5xdGTufL_a_CTsXWYyw@mail.gmail.com> <CAJE5ia8uHxD4j5x+P9tRdGxbz2OZed=1VvnEsoGrU6W=YqL3eg@mail.gmail.com> <CACuKZqFayF+aZOhv3dJm2ds6YoU=Z+kDHNu2A467oHAzH2aDxQ@mail.gmail.com>
Date: Mon, 01 Apr 2013 20:28:35 -0500
Message-ID: <CACuKZqHSeO50=NVJtqcr8n7_AOxRxBcadupG5eWzEeMcBOKgTA@mail.gmail.com>
From: Zhong Yu <zhong.j.yu@gmail.com>
To: Adam Barth <ietf@adambarth.com>
Content-Type: multipart/alternative; boundary="bcaec5540980f8a55304d956a7a2"
Cc: Pete Resnick <presnick@qti.qualcomm.com>, Barry Leiba <barryleiba@computer.org>, http-state <http-state@ietf.org>
Subject: Re: [http-state] Cookie path and trailing "/"
X-BeenThere: http-state@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discuss HTTP State Management Mechanism <http-state.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-state>, <mailto:http-state-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-state>
List-Post: <mailto:http-state@ietf.org>
List-Help: <mailto:http-state-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-state>, <mailto:http-state-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2013 01:28:39 -0000
Never mind, there's already a bug - https://bugzilla.mozilla.org/show_bug.cgi?id=537207 I agree with Dan Witte that it's probably not a big deal, usually a server application will consistently use one of the two forms (if the application uses non-"/" Paths at all). Zhong Yu On Mon, Apr 1, 2013 at 8:18 PM, Zhong Yu <zhong.j.yu@gmail.com> wrote: > Cool, I'll file a bug to Firefox. > > > On Mon, Apr 1, 2013 at 8:07 PM, Adam Barth <ietf@adambarth.com> wrote: > >> On Mon, Apr 1, 2013 at 6:01 PM, Zhong Yu <zhong.j.yu@gmail.com> wrote: >> > Hello cookie masters, >> > >> > In the follow example of an http response, two cookies are set which >> differs in the trailing slash of the Path attribute >> > >> > HTTP/1.1 200 OK >> > Set-Cookie: n=v1; Path=/abc >> > Set-Cookie: n=v2; Path=/abc/ >> > >> > According to RFC6265, these are two distinct cookies. And cookie#2 is >> not applicable to request-path "/abc". >> > >> > In my tests, IE and Chrome conform to these requirement. My question >> is, are these requirement as intended? >> >> Yes. >> >> > What was the reason behind? >> >> Based on our testing at the time, it was the most widely implemented >> behavior. >> >> > On Firefox the two cookies are also treated as distinct cookies; >> however Firefox erroneously sends cookie#2 for request-path "/abc". Should >> that be considered a bug? >> >> If Firefox changes its behavior to match the spec, it will be more >> interoperable with other user agents, which seems like a good thing. >> >> Adam >> > >