granicus.if.org Git - curl/commit

author	YAMADA Yasuharu <yasuharu.yamada@access-company.com>
	Sat, 18 May 2013 20:51:31 +0000 (22:51 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Sat, 18 May 2013 20:54:48 +0000 (22:54 +0200)
commit	04f52e9b4db01bcbf672c9c69303a4e4ad0d0fb9
tree	5289aab301b2404dc8576c219d0c7a5118f91b24	tree \| snapshot
parent	100a33f7ff8bd7dec1fe4b50bed57626a86c6b87	commit \| diff

cookies: only consider full path matches

I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4

lib/cookie.c		diff \| blob \| history
tests/data/Makefile.am		diff \| blob \| history
tests/data/test1228	[new file with mode: 0644]	blob
tests/data/test46		diff \| blob \| history
tests/data/test8		diff \| blob \| history