Cookie handling changed to match most browsers behavior. #1050

Closed
wants to merge 2 commits into
from

Projects

None yet

3 participants

@ksa-real
Contributor
ksa-real commented Oct 3, 2016 edited

Cokie with the same domain but different tailmatching property are
now considered different and do not replace each other.
If header contains following lines then two cookies will be set:
Set-Cookie: foo=bar; domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033
Set-Cookie: foo=baz; domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, and Firefox send them in the
stored order, while Safari pre-sort the cookies.

@ksa-real ksa-real Cookie handling changed to match most browsers behavior.
Cokie with the same same domain but different tailmatching property are
now considered different and do not replace each other.
If header contains following lines then two cookies will be set:
Set-Cookie: foo=bar; domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033
Set-Cookie: foo=baz; domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.
81084d6
@mention-bot

@ksa-real, thanks for your PR! By analyzing the history of the files in this pull request, we identified @umgnay, @bagder and @bgilbert to be potential reviewers.

@bagder bagder added the HTTP label Oct 3, 2016
lib/cookie.c
@@ -817,7 +817,8 @@ Curl_cookie_add(struct Curl_easy *data,
/* the names are identical */
if(clist->domain && co->domain) {
- if(Curl_raw_equal(clist->domain, co->domain))
+ if(Curl_raw_equal(clist->domain, co->domain) &&
+ clist->tailmatch == co->tailmatch)
@bagder
bagder Oct 3, 2016 Member

I prefer having the second condition within parentheses too, to make it easier for readers of the code to figure out precedence.

@bagder
bagder approved these changes Oct 3, 2016 View changes

Apart from that little nit, this looks like a small and elegant fix and even with a test case so I think we can merge once fixed.

@ksa-real ksa-real Commend addressed (extra brackets)
4de8e07
@bagder bagder added a commit that closed this pull request Oct 3, 2016
@ksa-real @bagder ksa-real + bagder cookies: same domain handling changed to match browser behavior
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other.  If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.

Closes #1050
54e48b1
@bagder bagder closed this in 54e48b1 Oct 3, 2016
@bagder
Member
bagder commented Oct 3, 2016

thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment