Bug 19829

Summary: WebKit does not follow tail-matching algorithm for domain cookies
Product: WebKit Reporter: Daniel Doubleday <daniel.doubleday>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: ap, mrowe
Priority: P2 Keywords: InRadar
Version: 525.x (Safari 3.1)   
Hardware: Mac   
OS: OS X 10.4   

Daniel Doubleday
Reported 2008-06-30 11:24:40 PDT
My Server does (Javaish): Cookie cookie = new Cookie("testcookie", "testvalue"); cookie.setDomain(".foo.com"); response.addCookie(cookie); Problem: Webkit (tested with Safari and Adobe AIR) does send this cookie to server bar.foo.com but *not* to baz.bar.foo.com which I believe it should according to the 'spec'. From http://wp.netscape.com/newsref/std/cookie_spec.html <snip> When searching the cookie list for valid cookies, a comparison of the domain attributes of the cookie is made with the Internet domain name of the host from which the URL will be fetched. If there is a tail match, then the cookie will go through path matching to see if it should be sent. "Tail matching" means that domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of "acme.com" would match host names "anvil.acme.com" as well as "shipping.crate.acme.com". </snip>
Attachments
Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2008-06-30 11:27:45 PDT
I believe that which cookies to send may be handled by CFNetwork rather than WebKit in this instance.
Alexey Proskuryakov
Comment 2 2008-06-30 11:41:55 PDT
This is certainly a bug below WebKit in closed source Apple system frameworks. Would you be willing to file it via http://bugreport.apple.com for Apple engineers to take a look?
Alexey Proskuryakov
Comment 4 2008-07-01 04:29:07 PDT
Thank you! Now closing as INVALID per our process, this will continue to be tracked by Apple internally. <rdar://6046111>
Note You need to log in before you can comment on or make changes to this bug.