From 04f52e9b4db01bcbf672c9c69303a4e4ad0d0fb9 Mon Sep 17 00:00:00 2001 From: YAMADA Yasuharu Date: Sat, 18 May 2013 22:51:31 +0200 Subject: cookies: only consider full path matches I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4 --- tests/data/test46 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'tests/data/test46') diff --git a/tests/data/test46 b/tests/data/test46 index f73acdee1..b6f8f83ef 100644 --- a/tests/data/test46 +++ b/tests/data/test46 @@ -52,8 +52,8 @@ TZ=GMT www.fake.come FALSE / FALSE 1022144953 cookiecliente si www.loser.com FALSE / FALSE 1139150993 UID 99 %HOSTIP FALSE / FALSE 1439150993 mooo indeed -#HttpOnly_%HOSTIP FALSE /w FALSE 1439150993 mooo2 indeed2 -%HOSTIP FALSE /wa FALSE 0 empty +#HttpOnly_%HOSTIP FALSE /want FALSE 1439150993 mooo2 indeed2 +%HOSTIP FALSE /want FALSE 0 empty @@ -77,8 +77,8 @@ Cookie: empty=; mooo2=indeed2; mooo=indeed www.fake.come FALSE / FALSE 1022144953 cookiecliente si www.loser.com FALSE / FALSE 1139150993 UID 99 %HOSTIP FALSE / FALSE 1439150993 mooo indeed -#HttpOnly_%HOSTIP FALSE /w FALSE 1439150993 mooo2 indeed2 -%HOSTIP FALSE /wa FALSE 0 empty +#HttpOnly_%HOSTIP FALSE /want FALSE 1439150993 mooo2 indeed2 +%HOSTIP FALSE /want FALSE 0 empty %HOSTIP FALSE / FALSE 2054030187 ckyPersistent permanent %HOSTIP FALSE / FALSE 0 ckySession temporary %HOSTIP FALSE / FALSE 0 ASPSESSIONIDQGGQQSJJ GKNBDIFAAOFDPDAIEAKDIBKE -- cgit v1.2.3