Even www.wordpress.com does the same thing, and it seems to work fine in FF.

https://en.wordpress.com/wp-login.php
POST /wp-login.php HTTP/1.1
Set-Cookie: wordpress=VALUE; expires=Fri, 17-Jun-2011 19:32:09 GMT; path=/wp-admin; domain=.wordpress.com; httponly

The browser is at URL "/", the POST is to URL /wp-login.php - what is the
path to be compared with: the URL the browser is at, or the URL that is
being posted to?


regards
deepak


On Fri, Jun 3, 2011 at 4:26 AM, sebb <[email protected]> wrote:

> On 3 June 2011 04:27, Deepak Shetty <[email protected]> wrote:
> > You are right, that is the problem. However, I'm wondering what the right
> > behavior is.
> > If I request "/testjmeter/wp-login.php"
> > then aren't these valid paths for Set-Cookie:
> > /
> > /testjmeter
> > /testjmeter/wp-login.php
> > /testjmeter/child/  --> This is the problematic one. I was under the
> > impression this was allowed?
>
> The Netscape specs (such as they are) are not entirely clear on this.
> I have found the following:
>
> [1] the pathname component of the URL is compared with the path
> attribute, and if there is a match, the cookie is considered valid and
> is sent along with the URL request. The path "/foo" would match
> "/foobar" and "/foo/bar.html". The path "/" is the most general path.
>
> RFC2109 says cookies should be rejected if "The value for the Path
> attribute is not a prefix of the request-URI."
>
> My reading is that  /testjmeter/child/ is not allowed by either cookie
> spec.
>
> > if my page is at the root /wp-login.php then I think all directories under /
> > are allowed in the Set-Cookie?
>
> If the path is set to /, then all files and directories under it are
> allowed.
> However, as far as I can tell, if the path is set to /wp-login.php
> then it is only valid for /wp-login.php (and ./wp-login.php/xzy if
> that exists)
>
> > I tried to look through the cookie RFC and didn't seem to find information
> > one way or the other
>
> See above.
>
> > I can verify your fix works
> > CookieManager.check.cookies=false -- Daniel this should work without needing
> > to manipulate cookies (In my example set this in jmeter.properties and
> > disable the pre processor that adds the cookie)
>
> Best to add this to user.properties
>
> [1] http://curl.haxx.se/rfc/cookie_spec.html
> [2] http://devedge-temp.mozilla.org/library/manuals/2000/javascript/1.3/reference/cookies.html

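Added example, not part of the original thread and not JMeter or HttpClient code: the two path rules quoted in the reply, run against the four candidate paths from the thread. The function names, the localhost URLs and the check flag are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def url_path(url):
    """Path component of a URL; an empty path counts as "/"."""
    return urlsplit(url).path or "/"


def rfc2109_accepts(cookie_path, set_cookie_url):
    """RFC 2109 rule quoted above: reject unless Path is a prefix of the
    request-URI. The request-URI is taken as the URL that was requested
    (the POST target), not the page the browser was showing."""
    return url_path(set_cookie_url).startswith(cookie_path)


def netscape_sends(cookie_path, request_url):
    """Netscape rule quoted above: plain string prefix, so "/foo" also
    matches "/foobar"."""
    return url_path(request_url).startswith(cookie_path)


def simulate(set_cookie_url, cookie_path, later_urls, check=True):
    """Return (stored, urls_that_receive_cookie). check=False skips the
    acceptance rule, a stand-in for a client with cookie checking disabled."""
    stored = (not check) or rfc2109_accepts(cookie_path, set_cookie_url)
    sent = [u for u in later_urls if stored and netscape_sends(cookie_path, u)]
    return stored, sent


# Constructed inputs based on the paths discussed in the thread.
LOGIN = "http://localhost/testjmeter/wp-login.php"
CANDIDATE_PATHS = ["/", "/testjmeter", "/testjmeter/wp-login.php", "/testjmeter/child/"]
LATER = ["http://localhost/testjmeter/child/page", "http://localhost/testjmeter/index.php"]

if __name__ == "__main__":
    for p in CANDIDATE_PATHS:
        print(p, simulate(LOGIN, p, LATER), simulate(LOGIN, p, LATER, check=False))
```

With checking on, only /testjmeter/child/ is refused at Set-Cookie time; with it off, that cookie is stored but still goes only to URLs under /testjmeter/child/.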