Bugs item #3404495, was opened at 2011-09-05 23:04
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3404495&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Michael Brooks (sitewatch)
Assigned to: Nobody/Anonymous (nobody)
Summary: COOKIELIST producing invalid cookie.

Initial Comment:
To recreate this bug:

1)A web application sets a cookie using:
set-cookie: lang=en;

2)A programmer tries to modify this value using using setopt(), the only difference is the PATH part of the cookie. (the paths overlap such as / and /form/ but the variable name is identical)
'localhost\tFALSE\t/\tFALSE\t0\tlang\tgr'

The malformed HTTP request:
Cookie: lang=en; PHPSESSID=jnkgarlbkqmg0i9bruds97kof3; lang=gr;

This cookie value CAN NEVER HAPPEN IN A BROWSER. But more importantly why would a programmer want this? How is this behavior useful? As a user of your software i just want to modify this cookie value, but the end result is that whatever value i set is ignored because all web application platforms just pick the first cookie value. This is clearly broken.

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2011-09-05 23:14

Message:
Please help us repeat this instead of getting hostile.

First, what's the URL of the site that sets the cookie in step (1) ?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3404495&group_id=976
Received on 2011-09-05