DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25264>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25264 Cookie rejected ------- Additional Comments From [EMAIL PROTECTED] 2003-12-09 07:17 ------- Please ignore my last comment about the cookie parsing. I mixed up the cookie domain and the host. The cookie is parsed correctly, the problem lies with the hostname. However, I do wonder whether there is some redirect involved. If sourceforge.net sends a redirect to www.sourceforge.net, the redirect is chased by HttpClient, and www.sourceforge.net sends a cookie for domain .sourceforge.net, will that cookie be verified against host sourceforge.net or against host www.sourceforge.net? I'm just guessing here. I don't have a sourceforge account to verify the behaviour. I just find it hard to imagine that browsers actually accept a cookie outside of the host's domain. Browser makers have gotten a lot of public beating for security bugs lately, and I'd consider this to be one. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
