Empty attributes in Set-Cookie header #1169

nnposter opened this Issue Apr 1, 2018 · 0 comments


None yet
1 participant

nnposter commented Apr 1, 2018

Local function parse_set_cookie in http.lua cannot parse Set-Cookie header if it contains empty attributes:

Set-Cookie: JSESSIONID=aaa; ; Path=/;;Secure;HttpOnly;;

Such attributes are allowed per RFC 6265 errata.

(Issue created strictly for record; a fix will be committed shortly.)

@nmap-bot nmap-bot closed this in 59f80c3 Apr 1, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment