toddmath / firecookie

Automatically exported from code.google.com/p/firecookie
1 stars 0 forks source link

Cookies collision: .website.com & www.website.com #36

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Say you had these two cookies:
userid on the domain www.website.com
userid on the domain .website.com

They dont play nice, and i found deleting the .website.com cookie would
remove the
www.website.com one from the list, and trying again on .website.com did
nothing!
Nothing quite worked right, and firecookie had a hard time identifying what
cookie I
am trying to manipulate.

Original issue reported on code.google.com by odva...@gmail.com on 12 Mar 2009 at 12:05

GoogleCodeExporter commented 8 years ago
The original report has been done here:
http://code.google.com/p/firecookie/issues/detail?id=23#c8

Honza

Original comment by odva...@gmail.com on 12 Mar 2009 at 12:11

GoogleCodeExporter commented 8 years ago
If i do a cookie when pressing Cookies | Create Cookie, it creates a cookie 
with the format "www.example.com", which isn't picked up by the webserver.

If i recreate a cookie with ".www.example.com" it will be picked up (php 
platform with nginx / php5-fpm / ubuntu).

Additionally, the cookie list doesn't refresh on page refresh to reflect 
current cookie state...

Original comment by kinda...@gmail.com on 13 Jan 2012 at 8:53

GoogleCodeExporter commented 8 years ago
Using FF 16.0a1 + FB 1.10a11 (has Firecookie integrated) on Win7 I don't see 
problems related to domains with "www" and without.

My steps:
1. Opened Firebug on http://getfirebug.com
2. Right-clicked the "__utmz" cookie and chose "Edit"
3. Changed the host inside the cookie editor to "www.getfirebug.com" and 
clicked OK
   => Both cookies appeared in the list (OK)
4. Reloaded the page
   => Both cookies were still shown (OK)
5. Right-clicked the "__utmz" cookie with ".getfirebug.com" as domain and chose 
"Delete"
   => Only that cookie was deleted (OK)
6. Reloaded the page
   => The "__utmz" cookie with "www.getfirebug.com" as domain was still shown (OK)

So is that problem gone now?

Sebastian

Original comment by sebastia...@gmail.com on 18 Jun 2012 at 8:02

GoogleCodeExporter commented 8 years ago
Moved to: Issue fbug:5580

Original comment by sebastia...@gmail.com on 18 Jun 2012 at 8:02