Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-52040

When a cookie header does not have a domain set then it falls back to the host but this can cause a problem when being validated

    XMLWordPrintable

Details

    • 51e14787d5c31a6397dbc43a134397f9bec8c6b3

    Description

      When a cookie header does not have a domain set then it falls back to the host but this can cause a problem when being validated. For example in the following cookie header case:

      HTTP/1.1 200 OK
*Set-Cookie: Genero-SID=7a429c67a722aa98ea5191fe0812acd6; Path=/; HttpOnly *
Server: GAS/3.00.10-150029(__l32xl212)
Content-Type: text/plain
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
Transfer-Encoding: chunked

      Then if this "Genero-SID" cookie is sent from a server on host "support" or "foo" without specifying whole name in the url, like http://support:80/some_url (and NOT http://support.com:80/some_url) Then the cookie will not be validated correctly, even though it should be based on the standard in this case.

      Attachments

        Activity

          People

            manordheim MÃ¥rten Nordheim
            andysh Andy Shaw
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: