-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WARequestCookie>>path: sets empty path for '/' #917
Comments
I've added a couple of tests for edge cases. That has lead me to reading the specs (https://tools.ietf.org/html/rfc6265#section-5.1.4) and I've modified the path behaviour so that the path attribute will always be sent. The spec says that user-agents must use an equivalent of the following algorithm:
That means:
I think that setting the path attribute explicitly a) makes debugging easier and b) clarifies intent and c) prevents problems when browsers do funny things with path matching on implicit paths. What do you think? |
* initialize the cookie path attribute to '/' as that is what browsers are supposed to use as default / fallback * the cookie path attribute will now always be set * WARequestCookie>>pathEncoded now correctly answers '/' instead of the empty string when '/' was set as path * cookie paths are now forced to use a leading slash. Browsers will replace paths without leading slash with '/' * cookie paths are now forced to omit a trailing slash. Browsers will remove the trailing slash (with '/' as the exception) * nil, the empty string, and '/' are now treated as equal when setting the path of a cookie * added tests for all of the above * updated other cookie tests that did not expect the path attribute in the output
* fixed initialization of path attribute (could fail when no request context was yet available, e.g. when parsing cookies in the server adaptor)
I think that's a bug in |
(relates to issues #915 and #916, as setting the path on the session cookie can fix it to be used across the entire domain)
Output: 'foo=bar; path='
Expected: 'foo=bar; path=/
A possible workaround is to use
#pathEncoded:codec:
but I don't think that is the solutionThe text was updated successfully, but these errors were encountered: