149991 – Can't read a cookie from another port

Bug 149991 - Can't read a cookie from another port

Summary: Can't read a cookie from another port

Status:	RESOLVED FIXED

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	kcookiejar (show other bugs)
Version:	unspecified
Platform:	unspecified Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Duplicates (1):	151839 (view as bug list)
Depends on:
Blocks:

Reported:	2007-09-18 22:27 UTC by Michael Maier
Modified:	2010-09-29 18:49 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Maier 2007-09-18 22:27:38 UTC

Version:           Konqueror: 3.5.7 (using KDE KDE 3.5.7)
Installed from:    Unlisted Binary Package

hi!

If I create a cookie it is not possible to access this cookie from another port of the same host.
For example I create a cookie in a PHP Application on Apache Port 80. I also want to read this  cookie from my Ruby on Rails Application running on Port 3000.

It's not possible to read this cookie with Konquror 3.5.7(ArchLinux) but it works on Mozilla Firefox 2.0.0.6 and Opera 9.23. IE not tested.

You can test it very easy. Login to a Application which uses cookies.(e.g. phpMyAdmin)
Change the Port of your Webserver an look if you still logged in.

Thanks,
Michael M.

Comment 1 David Faure 2008-06-30 23:27:04 UTC

Hmm, can you make a test server available for me? I don't have the time to set up that stuff, too many other bugs to look at :)

Comment 2 Dawit Alemayehu 2010-09-18 05:04:28 UTC

*** Bug 151839 has been marked as a duplicate of this bug. ***

Comment 3 Dawit Alemayehu 2010-09-29 18:49:56 UTC

SVN commit 1180984 by adawit:

- Follow the port restriction rules specified in RFC 2965 section 3.3.4. By default cookies are sent to all ports now. See bug# 149991.

- Added/modified test cases to test port restriction handling

- Replaced harded coded generic TLD (com, net, etc) with a configurable one specified in the domain_info file. Also updated the generic TLDs to the current set.

- Made cookiejar more portable by removing system calls:
   * Replaced the use of fopen with QFile.
   * Replaced strncmp and strncasecmp with their Qt equivalents, qstrncmp and qstricmp.This also combats
      crashes since the qt versions of those system calls does
      not crash when one of the two input parameters is NULL.
   * Replaced the remaining use of time with KDateTime. This also solves the last possible causes for the so
      called Y2K38 problem.

- Improved performance:
  * Use QStringBuilder for string concatenation.
  * Removed the check for the end of an iterator out of the loop statements.

- Make sure more specific site policies are honored before generic or global ones.

BUG:14991


 M  +1 -0        domain_info  
 M  +289 -269  kcookiejar.cpp  
 M  +8 -5        kcookiejar.h  
 M  +26 -29     kcookieserver.cpp  
 U                  kcookiewin.cpp  
 M  +3 -3        tests/cookie.test  
 M  +16 -0      tests/cookie_rfc.test  
 M  +5 -1        tests/cookie_saving.test  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1180984