[AnyEvent::HTTP] bug while handling cookie

Andrey Khozov avkhozov at googlemail.com
Thu Jul 18 18:03:04 CEST 2013


I do not agree.

I know that when HTTP server sends to client a following header:

*Set-Cookie: name=data; Path=/; Domain=example.com*

User agent for the next request to *http://example.com* should send to the
server this header:

*Cookie: name=data*

AnyEvent::HTTP does not it. This is described in
http://tools.ietf.org/html/rfc6265#section-4.1.2.3, for example.

I realized that my previous patch is not correct, but the current behavior
of the AE::HTTP is also not correct.


On Thu, Jul 18, 2013 at 7:00 PM, Marc Lehmann <schmorp at schmorp.de> wrote:

> On Thu, Jul 18, 2013 at 06:41:07PM +0600, Andrey Khozov <
> avkhozov at googlemail.com> wrote:
> > In AnyEvent::HTTP the generation of 'Cookie' header in function
> > cookie_jar_extract incorrectly handled cookie with domain attribute that
> > begin with ".".
>
> All of rfc6265, rfc2965, rfc2109 and the original netscape cookie spec say
> the expected outcome would be the empty list, as is exactly what happens.
>
> --
>                 The choice of a       Deliantra, the free code+content
> MORPG
>       -----==-     _GNU_              http://www.deliantra.net
>       ----==-- _       generation
>       ---==---(_)__  __ ____  __      Marc Lehmann
>       --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
>       -=====/_/_//_/\_,_/ /_/\_\
>



-- 
Andrey Khozov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schmorp.de/pipermail/anyevent/attachments/20130718/a1edaa87/attachment.html>


More information about the anyevent mailing list