RESOLVED INVALID 16699
Cookie parsing terminates at the first semicolon, ignoring quotes 
https://bugs.webkit.org/show_bug.cgi?id=16699
Summary Cookie parsing terminates at the first semicolon, ignoring quotes
Andi Sidwell
Reported 2008-01-01 13:49:52 PST
From http://ewx.livejournal.com/459902.html: Using the HTTP header: Set-Cookie: disorder="477beccb;richard";Version=1;Path="/index.cgi" Firefox sends back the same cookie, but Safari thinks the disorder cookie is "477beccb. Relevant spec is RFC 2109 (http://tools.ietf.org/html/rfc2109).
Attachments
Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2008-01-01 14:42:57 PST
Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2) on Mac OS X 10.4.11 (8S165). Needs to be tested with Safari on Leopard and Safari for Windows.
David Kilzer (:ddkilzer)
Comment 2 2008-01-01 14:47:03 PST
(In reply to comment #1) > Verified with a local debug build of WebKit r29071 with Safari 3.0.4 (523.12.2) > on Mac OS X 10.4.11 (8S165). Note that on Tiger, the path is reported as "/" (literally, with double quotes) and the value is reported as "477beccb (literally, with one double quote) in Safari preferences.
David Kilzer (:ddkilzer)
Comment 3 2008-01-01 14:57:11 PST
(In reply to comment #2) > Note that on Tiger, the path is reported as "/" (literally, with double quotes) > and the value is reported as "477beccb (literally, with one double quote) in > Safari preferences. Same thing occurs with Safari 3.0.4 (5523.10.6) on Mac OS X Server 10.5.1 (9B18).
David Kilzer (:ddkilzer)
Comment 4 2008-01-01 14:57:48 PST
<rdar://problem/5666078>
David Kilzer (:ddkilzer)
Comment 5 2008-01-01 15:00:02 PST
This bug is not in WebKit, but in a lower-level framework, thus closing this bug as RESOLVED/INVALID. The issue will be tracked by the Radar mentioned in Comment #4.
David Kilzer (:ddkilzer)
Comment 6 2009-05-20 16:13:44 PDT
Added test case for this bug: http://trac.webkit.org/changeset/43939 http://trac.webkit.org/changeset/43940
Note You need to log in before you can comment on or make changes to this bug.