Version: (using KDE Devel) Installed from: Compiled sources I have several site-specific cookie policies set, where I explicitly allow certain sites to set and get cookies. Up until a few weeks ago, this would override the "Reject all cookies" default setting for these sites. This stopped working and these cookies are not sent to the server anymore, if "Reject all cookies" is selected as the default policy. It works fine in "Ask for confirmation" mode (it doesn't ask on the specified sites and correctly sends the cookies).
*** This bug has been marked as a duplicate of 53249 ***
This is not the same bug as 53249. The site policy should always override the default policy. In this case, the site policy is set to allow, but no cookies are sent or stored. This worked fine in 3.1 and even in 3.2. Its only broken in CVS. In bug 53249, the problem is that he sets the site policy to reject, but he still wants the stored cookies for that site to be sent.
Then I cannot duplicate your problem. If I set the default policy to reject all and set my site specific policy to accept cookie from ".kde.org", then all cookies sent from .kde.org domain are accepted fine, while everything else is rejected...
Its fixed in CVS. The changes in kidna.cpp were responsible for this and I guess Thiago Macieira fixed it.
I hope comment #3 has been answered, but if not, I can duplicate that problem, even on bugs.kde.org itself: (I am using KDE "3.2 >=20040204", the one that came with Mandrake 10.0 official) This bug occurs with some web sites that need cookies, including Yahoo! and even this very site, "bugs.kde.org". The cookies from the domain (e.g. "kde.org") are set to "accept", although the default for sites not otherwise specified is to "reject" cookies. Somehow, it seems that there is some cookie or other that is rejected, since these sites say "you haven't turned cookies on", or something to that effect. HOWEVER, if the default for sites not otherwise specified is set to "ask for confirmation", instead of "reject", then it works --even though it never asks me what to do with a cookie that it received! That is, I go to bugs.kde.org (which is set to "accept" and should not be affected by the default cookies setting) and it works, but if the default is "reject" then even though bugs.kde.org is set to "accept", it doesn't work. It seems that somehow, the behaviour for sites LISTED in the site cookies policy, is affected by the DEFAULT setting for sites NOT LISTED in the site cookies policy.
I'm still having problems with cookies in KDE 3.4.1, with some sites like wellsfargo.com. As Ralf pointed out, the behaviour is different for "Reject all cookies" and "Ask for confirmation", though Konqueror never actually asks for a confirmation. I'd say that's a bug. If the "Reject all cookies" setting rejects something, there should be some means to see what cookies actually got rejected, so I can add a policy for them. But now, "Ask for confirmation" silently accepts those cookies. My settings are: Automatically accept session cookies Reject all cookies Site policy: accept ".wellsfargo.com" After I try to log in (and get rejected), I can see the following in the "Management" tab: domain ".online.wellsfargo.com" with one host "online.wellsfargo.com", domain ".wellsfargo.com" with several copies of "online.wellsfargo.com". Then, I delete all cookies and change the policy to "Ask for confirmation". I log in successfully (no questions about cookies asked), and I can see this in "Management": domain ".wellsfargo.com" with several copies of "online.wellsfargo.com" and one of "www.wellsfargo.com". (and no more ".online.wellsfargo.com" domain.) I hope you could figure out what is happening... Also, I think it would be nice if the site policy settings had an explanation for the "." - difference between ".foobar.com" and "foobar.com". Thanks.
Also, if I add a policy to accept cookies from ".online.wellsfargo.com", then I can log in even with the "Reject all cookies" policy. But shouldn't ".online.wellsfargo.com" be included in ".wellsfargo.com"? (Or if not, then again, with "Ask for confirmation" policy, I should be asked about it.)