#240 Cookie Parsing failing for HttpOnly Cookies

3.12
closed
Philip Aston
None
1
2014-03-23
2013-06-07
Chris Barran
No

The Cookie.parse method is mangling this perfectly valid cookie.
Set-Cookie: nap.sid=s%3Ams3rfahjl9mCHmula5U1vv9H.sJGkzJojCliyoDUJgDNv30rjC0CqoRvVqaa%2B3j4z0V8; Path=/nap; HttpOnly; Secure

And turning it into
Set-Cookie: nap.sid=s%3AEz2JzmmKmISynN7nPujVwjO%2B.gxgOhA6ovhajiWRe8RZ9UHUKzjcBw1hl5f16cjMQ44I; Path=/nap;, Secure

Which it then announces is an Invalid cookie and exits.

I'm trying to use version 3.11

Discussion

  • juray
    juray
    2014-03-13

    I have the same bug for cookie __sid=a354d3babd303d18f66fd3791b196fc1; Path=/bss-www/sudo1000625-7e46506a8aed257a92516bc5ffa63132; HttpOnly; Secure

    I suggest the small patch for it

     
    Attachments
  • Philip Aston
    Philip Aston
    2014-03-23

    • status: open --> pending
    • assigned_to: Philip Aston
     
  • Philip Aston
    Philip Aston
    2014-03-23

    • status: pending --> closed