On Wed, May 29, 2002 at 02:31:45PM -0400, Greg Ward wrote:
>exactly what the examples in RFCs 2109 and 2965 illustrate.  Am I
>missing some vital paragraph that says a URI of "/qux" does not match a
>cookie path of "/q"?  (I don't think so: RFC 2965 even defines
>"path-match", and it looks to me like "/qux" path-matches "/q", which
>means Path="/q" in a Set-Cookie header is a security hole.)

I agree with your reading.  To me the name "path-match" would imply
something like "Split both strings apart and compare the resulting
lists", but RFC 2965 says that it's just a string comparison.  Stupid,
but it's what the text says.

--amk
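
Added example, not part of the original message: the RFC 2965 string-prefix "path-match" discussed above, next to a segment-boundary rule of the kind RFC 6265 later specified, to show which request paths receive a cookie scoped to Path="/q" under each. Function names and the sample request paths are constructed for illustration.

```python
# Added illustration; names and sample data are assumptions, not from the thread.

def path_match_rfc2965(request_path: str, cookie_path: str) -> bool:
    """RFC 2965 path-match: the cookie path is a plain string prefix."""
    return request_path.startswith(cookie_path)


def path_match_segments(request_path: str, cookie_path: str) -> bool:
    """Segment-aware match (the RFC 6265 rule): the prefix must stop
    on a "/" boundary, so "/q" covers "/q/cart" but not "/qux"."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # Either the cookie path itself ends in "/", or the first character
    # of the request path after the prefix is "/".
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def leaked_paths(cookie_path, request_paths):
    """Request paths that get the cookie under the string rule only."""
    return [
        p for p in request_paths
        if path_match_rfc2965(p, cookie_path)
        and not path_match_segments(p, cookie_path)
    ]


# Constructed sample request paths on one host.
SAMPLE_REQUESTS = ["/q", "/q/", "/q/cart", "/qux", "/qux/admin", "/other"]

if __name__ == "__main__":
    print(f"{'request path':<14}{'RFC 2965':<10}{'segment-aware'}")
    for path in SAMPLE_REQUESTS:
        print(f"{path:<14}"
              f"{str(path_match_rfc2965(path, '/q')):<10}"
              f"{path_match_segments(path, '/q')}")
    print("sent outside the intended subtree:",
          leaked_paths("/q", SAMPLE_REQUESTS))
    # A trailing slash on the Path attribute closes the gap even under
    # the plain string comparison.
    print('Path="/q/" matches "/qux":', path_match_rfc2965("/qux", "/q/"))
```

Under the string rule, a server can still narrow the scope by ending the Path attribute with "/", since "/qux" does not start with "/q/".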