[AnyEvent::HTTP] bug while handling cookie

Marc Lehmann schmorp at schmorp.de
Thu Jul 18 18:25:13 CEST 2013


On Thu, Jul 18, 2013 at 10:03:04PM +0600, Andrey Khozov <avkhozov at googlemail.com> wrote:
> I know that when HTTP server sends to client a following header:
>
> *Set-Cookie: name=data; Path=/; Domain=example.com*
> 
> User agent for the next request to *http://example.com* should send to the
> server this header:
> 
> *Cookie: name=data*
> 
> AnyEvent::HTTP does not it.

I think it does - at least if I modify your example program to use
"example.com" in the jar and in the extract call, it does extract the
cookie, and I have no reason to believe that it wouldn't do the same when
used internally.

It also seems to be a different issue than what you were talking about
before. (.example.com vs. example.com).

> This is described in http://tools.ietf.org/html/rfc6265#section-4.1.2.3, for example.

And it is also what ae::http implements.

Note also that you are quoting the wrong section, the relevant section is
5.1.3 (Domain Matching), section 4 is completely irrelevant for this problem.

> I realized that my previous patch is not correct, but the current behavior
> of the AE::HTTP is also not correct.

You have given zero evidence for that so far though - in fact, your
evidence shows that it works according to the RFC for at least for that
domain (ae::http does not even attempt to implement rfc6265).

Lastly, what counts is not that rfc or any other, as real world servers
expect slightly different rules. AnyEvent::HTTP tries to follow whats
practical, not any of the many rfcs that were never implemented by
anybody.

Again, whats corretc or not is a difficult question, and cannot be
answered by quoting the (mostly irrelevant) RFCs on this topic.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\



More information about the anyevent mailing list