cookies: only consider full path matches (04f52e9b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Commit 04f52e9b authored May 18, 2013 by

YAMADA Yasuharu Committed by Daniel Stenberg May 18, 2013

cookies: only consider full path matches

I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4

parent 100a33f7

Hide whitespace changes

Inline Side-by-side

Please register or to comment