Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Cookie names do not respect case #71

Firehed opened this Issue Jan 30, 2011 · 1 comment


None yet
2 participants

Firehed commented Jan 30, 2011

If the server sends a cookie with an uppercase name (ex. PHP's default session cookie, PHPSESSID), Zombie sends that cookie back to the server with a lowercased name on subsequent requests, which may cause the server to ignore it.

{ server: 'nginx/0.7.67'
, date: 'Sun, 30 Jan 2011 22:33:21 GMT'
, 'content-type': 'text/html; charset=UTF-8'
, 'transfer-encoding': 'chunked'
, connection: 'close'
, vary: 'Accept-Encoding'
, 'set-cookie': 'PHPSESSID=hr1o146trejdk09tlb2pnuavd4; path=/; domain=zombie-test.com'
, expires: 'Thu, 19 Nov 1981 08:52:00 GMT'
, 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
, pragma: 'no-cache'
The above value (lowercased key) is mirrored at the server on subsequent requests.

This is my first time trying to submit a patch to github so hopefully it works :) I just skimmed the cookie RFC and it doesn't look like any case mangling should occur.

From 18dacaa9e5f85c6f6ea9ea52fa5e9462e79c66f7 Mon Sep 17 00:00:00 2001
From: Eric Stern <firehed@gmail.com>
Date: Sun, 30 Jan 2011 14:49:57 -0800
Subject: [PATCH] Correct issue where cookie names did not respect case

 src/zombie/cookies.coffee |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/src/zombie/cookies.coffee b/src/zombie/cookies.coffee
index def8c0f..2f4a410 100644
--- a/src/zombie/cookies.coffee
+++ b/src/zombie/cookies.coffee
@@ -66,7 +66,6 @@ class Cookies
     this.set = (name, value, options = {})->
       return if options.domain && !domainMatch(options.domain, hostname)

-      name = name.toLowerCase()
       state = { value: value.toString() }
       if options.expires
         state.expires = options.expires.getTime()

assaf commented Feb 2, 2011

Thanks, fixed in head.

@djanowski djanowski pushed a commit to djanowski/zombie that referenced this issue Jun 12, 2015

@assaf assaf Fixes #71 cookie names now preserve case. a74419f

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment