Re: [Cgi-session-user] [Fwd: [rt.cpan.org #34280] Incorrect session ID for subdomain]

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> o Digression: Line 93 of CGI::Cookie is:
>     s/\s*(.*?)\s*/$1/;
> whereas line 34 of CGI::Simple::Cookie is:
>         $pair =~ s/^\s+|\s+$//;    # trim leading trailing whitespace
> You can see there's a missing /g on this last line, since it removes
> either leading or trailing spaces, but not both. I'll log a bug report.

Great catch, Ron!

> Whose responsibility is it to ensure only cookies for the 'current'
> domain are retrieved from the headers sent by the client? I suppose the
> client should only be sending 'relevant' cookies. Perhaps in OP's
> situation, both cookies are relevant?

I did the Perlmonks.org test of logging in both with and without the 
"www" and then checking the cookies set when I visit "www". Two cookies 
are sent. Firefox sent "perlmonks.org" first, and then 
"www.perlmonks.org" second.

I also read the Cookie RFC to see if there is a "right" order to send 
and parse cookies in, and it appears there is not.

Therefore, I think this is not a bug at all, but the user's burden to 
check the domain in this case and make sure they have the right cookie.

    Mark