Bug 16699 - Cookie parsing terminates at the first semicolon, ignoring quotes
: Cookie parsing terminates at the first semicolon, ignoring quotes
Status: RESOLVED INVALID
Product: WebKit
Classification: Unclassified
Component: New Bugs
: 528+ (Nightly build)
: Macintosh All
: P2 Normal
Assigned To: Nobody
: InRadar, ReviewedForRadar
Depends on:
Blocks: 36997
  Show dependency treegraph
 
Reported: 2008-01-01 13:49 PST by Andi Sidwell
Modified: 2010-04-01 17:45 PDT (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andi Sidwell 2008-01-01 13:49:52 PST
From http://ewx.livejournal.com/459902.html:

Using the HTTP header:

Set-Cookie: disorder="477beccb;richard";Version=1;Path="/index.cgi"

Firefox sends back the same cookie, but Safari thinks the disorder cookie is "477beccb.

Relevant spec is RFC 2109 (http://tools.ietf.org/html/rfc2109).
Comment 1 David Kilzer (:ddkilzer) 2008-01-01 14:42:57 PST
Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2) on Mac OS X 10.4.11 (8S165).

Needs to be tested with Safari on Leopard and Safari for Windows.

Comment 2 David Kilzer (:ddkilzer) 2008-01-01 14:47:03 PST
(In reply to comment #1)
> Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2)
> on Mac OS X 10.4.11 (8S165).

Note that on Tiger, the path is reported as "/" (literally, with double quotes) and the value is reported as "477beccb (literally, with one double quote) in Safari preferences.

Comment 3 David Kilzer (:ddkilzer) 2008-01-01 14:57:11 PST
(In reply to comment #2)
> Note that on Tiger, the path is reported as "/" (literally, with double quotes)
> and the value is reported as "477beccb (literally, with one double quote) in
> Safari preferences.

Same thing occurs with Safari 3.0.4 (5523.10.6) on Mac OS X Server 10.5.1 (9B18).

Comment 4 David Kilzer (:ddkilzer) 2008-01-01 14:57:48 PST
<rdar://problem/5666078>
Comment 5 David Kilzer (:ddkilzer) 2008-01-01 15:00:02 PST
This bug is not in WebKit, but in a lower-level framework, thus closing this bug as RESOLVED/INVALID.

The issue will be tracked by the Radar mentioned in Comment #4.

Comment 6 David Kilzer (:ddkilzer) 2009-05-20 16:13:44 PDT
Added test case for this bug:

http://trac.webkit.org/changeset/43939
http://trac.webkit.org/changeset/43940