#353 Cookies incorrectly rejected despite valid domain

closed-fixed
None
5
2008-04-02
2006-04-25
No

I hit a problem using httpunit to drive Gmail (for
filebunker.sourceforge.net). The basic issue is that a
www.google.com url is attempting to set a cookie with a
domain of www.google.com (exactly the same). The
problem is the way the getDomainAttributeStatus method
in CookieJar.java works, it prepends a "." to the
cookie's domain before comparing them, and thus ends up
failing with a DOMAIN_NOT_SOURCE_SUFFIX. I understand
why it prepends the ".", in order to avoid someone like
"www.evilyahoo.com" setting a cookie on "yahoo.com".
Patch as follows:

diff -ur -F'^f'
/cygdrive/c/garrick/work/3rdParty/httpunit-1.6.2/src/com/meterware/httpunit/cookies/CookieJar.java
com/meterware/httpunit/cookies/CookieJar.java
---
/cygdrive/c/garrick/work/3rdParty/httpunit-1.6.2/src/com/meterware/httpunit/cookies/CookieJar.java
2006-03-26 21:16:46.000000000 -0800
+++ com/meterware/httpunit/cookies/CookieJar.java
2006-04-25 13:06:28.779481200 -0700
@@ -382,6 +382,10 @@

private int getDomainAttributeStatus( String
domainAttribute, String sourceHost ) {
+ if (domainAttribute.equals(sourceHost)) {
+ return CookieListener.ACCEPTED;
+ }
+
if (!domainAttribute.startsWith("."))
domainAttribute = '.' + domainAttribute;

if (domainAttribute.lastIndexOf('.') == 0) {

Discussion

  • Wolfgang Fahl

    Wolfgang Fahl - 2008-04-02
    • assigned_to: nobody --> wolfgang_fahl
    • status: open --> closed-fixed
     
  • Wolfgang Fahl

    Wolfgang Fahl - 2008-04-02

    Logged In: YES
    user_id=1220573
    Originator: NO

    The change is now in the subversion repository and will be in the next build

     
  • Wolfgang Fahl

    Wolfgang Fahl - 2008-04-02

    Logged In: YES
    user_id=1220573
    Originator: NO

    Dear Garrick,

    thank you for your bug report and patch.
    The cookie acceptance / rejection business seems to be real tricky.
    Would you please look at bug 1533762 and suggest something about this on the mailing list - the patch there doesn't seem to work as expected.

    Yours
    Wolfgang

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks