Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upTreat first name/value pair in Set-Cookie: as the cookie name [RFC compliance] #709
Comments
bagder
added
the
HTTP
label
Mar 9, 2016
bagder
closed this
in
7f7fcd0
Mar 10, 2016
lock
bot
locked as resolved and limited conversation to collaborators
May 7, 2018
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
bagder commentedMar 9, 2016
RFC 6265 section 4.1.1 spells out that the first name/value pair in the header is the actual cookie name and content, while the following are the parameters.
libcurl currently has a more liberal approach which causes significant problems when introducing new cookie parameters, like the suggested new cookie priority draft.
The current parser gets all n/v pairs and the first name isn't a known parameter will be considered the cookie, thus accepting
Set-Cookie: Max-Age=2; name=daniel
while an RFC compliant parser should consider that to be a cookie named 'Max-Age'.