Bug 149991

Summary: Can't read a cookie from another port
Product: [Applications] konqueror Reporter: Michael Maier <info>
Component: kcookiejarAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: adawit, faure, gassauer
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Michael Maier 2007-09-18 22:27:38 UTC 
Version:           Konqueror: 3.5.7 (using KDE KDE 3.5.7)
Installed from:    Unlisted Binary Package

hi!

If I create a cookie it is not possible to access this cookie from another port of the same host.
For example I create a cookie in a PHP Application on Apache Port 80. I also want to read this  cookie from my Ruby on Rails Application running on Port 3000.

It's not possible to read this cookie with Konquror 3.5.7(ArchLinux) but it works on Mozilla Firefox 2.0.0.6 and Opera 9.23. IE not tested.

You can test it very easy. Login to a Application which uses cookies.(e.g. phpMyAdmin)
Change the Port of your Webserver an look if you still logged in.

Thanks,
Michael M.
Comment 1 David Faure 2008-06-30 23:27:04 UTC 
Hmm, can you make a test server available for me? I don't have the time to set up that stuff, too many other bugs to look at :)
Comment 2 Dawit Alemayehu 2010-09-18 05:04:28 UTC 
*** Bug 151839 has been marked as a duplicate of this bug. ***
Comment 3 Dawit Alemayehu 2010-09-29 18:49:56 UTC 
SVN commit 1180984 by adawit:

- Follow the port restriction rules specified in RFC 2965 section 3.3.4. By default cookies are sent to all ports now. See bug# 149991.

- Added/modified test cases to test port restriction handling

- Replaced harded coded generic TLD (com, net, etc) with a configurable one specified in the domain_info file. Also updated the generic TLDs to the current set.

- Made cookiejar more portable by removing system calls:
   * Replaced the use of fopen with QFile.
   * Replaced strncmp and strncasecmp with their Qt equivalents, qstrncmp and qstricmp.This also combats
      crashes since the qt versions of those system calls does
      not crash when one of the two input parameters is NULL.
   * Replaced the remaining use of time with KDateTime. This also solves the last possible causes for the so
      called Y2K38 problem.

- Improved performance:
  * Use QStringBuilder for string concatenation.
  * Removed the check for the end of an iterator out of the loop statements.

- Make sure more specific site policies are honored before generic or global ones.

BUG:14991


 M  +1 -0        domain_info  
 M  +289 -269  kcookiejar.cpp  
 M  +8 -5        kcookiejar.h  
 M  +26 -29     kcookieserver.cpp  
 U                  kcookiewin.cpp  
 M  +3 -3        tests/cookie.test  
 M  +16 -0      tests/cookie_rfc.test  
 M  +5 -1        tests/cookie_saving.test  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1180984