Edit report at https://bugs.php.net/bug.php?id=63835&edit=1

 ID:                 63835
 Updated by:         larue...@php.net
 Reported by:        tom916 at qq dot com
 Summary:            two cookie in request ,get comma in first cookie name
-Status:             Assigned
+Status:             Wont fix
 Type:               Bug
 Package:            *General Issues
 Operating System:   linux
 PHP Version:        5.3Git-2012-12-22 (Git)
 Assigned To:        laruence
 Block user comment: N
 Private report:     N

 New Comment:

As we discussed before, closed.

Maybe you can file a bug to apache, it should not accept two cookies since they can not be combined.

Previous Comments:
------------------------------------------------------------------------
[2012-12-24 05:15:54] larue...@php.net

@pierrick, thanks for the explanation, and after some search, I also reached that we can not fix this without any side effect (BC break), so, I think maybe won't fix.

thanks

------------------------------------------------------------------------
[2012-12-24 04:39:43] pierr...@php.net

RFC6265 is the last specification for HTTP State Management Mechanism. Section 4.2.1 says that the grammar for the Cookie header is

    cookie-header = "Cookie:" OWS cookie-string OWS
    cookie-string = cookie-pair *( ";" SP cookie-pair )

Since RFC2626 (HTTP) only allows multiple message-header fields with the same if and only if the entire field-value for that header field is defined as a comma-separated list, I guess having multiple Cookie: headers is not a valid case.

------------------------------------------------------------------------
[2012-12-24 04:02:21] larue...@php.net

@pierrick, thanks, I also found a page: http://kristol.org/cookie/errata.html ;)

------------------------------------------------------------------------
[2012-12-24 03:59:38] pierr...@php.net

RFC2616 says:

Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and thus a proxy MUST NOT change the order of these field values when a message is forwarded.

------------------------------------------------------------------------
[2012-12-24 03:33:59] larue...@php.net

I have no idea why some browsers will do this, but I can not find a proof that doesn't allow this.

Anyway, this fix will introduce a BC break, like, before, cookie: userids=123,1232,123213; I saw such usage before, so... I didn't commit this.

I will try to find some fix in the apache APIs.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=63835
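
Added example (not part of the bug report, and not PHP's or Apache's code): a Python sketch of the RFC 2616 folding rule and the RFC 6265 cookie-string grammar quoted in the comments above. It shows how two Cookie fields folded with a comma parse differently from the same cookies sent in one field, and why also splitting on commas would break values such as userids=123,1232,123213. Function names and sample headers are constructed for illustration.

```python
# Added illustration; all names and sample requests are constructed.

def combine_rfc2616(values):
    """Fold repeated header fields into one value, comma-separated
    (the RFC 2616 rule quoted in the thread)."""
    return ", ".join(values)

def parse_cookie_string(cookie_string, split_commas=False):
    """Parse per the RFC 6265 cookie-string grammar: pairs separated by ';'.
    split_commas=True additionally treats ',' as a separator, which is the
    kind of change the thread rejects as a BC break."""
    if split_commas:
        cookie_string = cookie_string.replace(",", ";")
    pairs = []
    for part in cookie_string.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs

def parse_request_cookies(headers):
    """headers: list of (field-name, field-value) tuples as received.
    Returns (pairs, ambiguous). ambiguous is True when more than one
    Cookie field was present, because folding them alters the cookie data
    and the application should not trust the parsed result blindly."""
    values = [v for k, v in headers if k.lower() == "cookie"]
    return parse_cookie_string(combine_rfc2616(values)), len(values) > 1

# Constructed sample requests
TWO_HEADERS = [("Host", "example.test"), ("Cookie", "a=1"), ("Cookie", "b=2")]
ONE_HEADER = [("Host", "example.test"),
              ("Cookie", "userids=123,1232,123213; b=2")]

if __name__ == "__main__":
    # Folded fields: cookie "b" disappears into the value of "a".
    print(parse_request_cookies(TWO_HEADERS))
    # Single field: the comma is legitimate data inside one value.
    print(parse_request_cookies(ONE_HEADER))
    # Splitting on commas recovers "b" above but shreds "userids" here.
    print(parse_cookie_string(ONE_HEADER[1][1], split_commas=True))
```

A server-side check built on the `ambiguous` flag can log or reject requests carrying more than one Cookie field instead of guessing how to split the folded value.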