ID:          40806
 Updated by:  [EMAIL PROTECTED]
 Reported By: john at albin dot net
-Status:      Open
+Status:      Bogus
 Bug Type:    Session related
 PHP Version: 4.4.6
 Assigned To: iliaa
 New Comment:

http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?annotate=1.104.2.10.2.7#l204
/* According to rfc2965, more specific paths are listed above the less specific ones.
 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
 * to have the same (plain text) cookie name for the same path and we should not overwrite
 * more specific cookies with the less specific ones.
 */

If your browser (whatever it is) does not comply with the standard, you
should complain to your browser developers, not PHP.


Previous Comments:
------------------------------------------------------------------------

[2007-04-09 21:35:32] john at albin dot net

I have confirmed this cookie collision while using Firefox and Safari.
I believe they are compliant with the spec.

The more specific cookies are sent first and PHP does NOT appear to 
prevent over-writing by the later, less-specific cookies.

What detailed info would you like?

------------------------------------------------------------------------

[2007-04-09 20:43:41] [EMAIL PROTECTED]

No, thanks. Ilia's reply is quite clear.

------------------------------------------------------------------------

[2007-04-09 20:04:55] john at albin dot net

Perhaps you'd like more information rather than marking this as bogus.

What detailed info would you like?

------------------------------------------------------------------------

[2007-03-22 23:32:31] [EMAIL PROTECTED]

If the browser is compliant with the spec the more specific cookies are
sent first and PHP prevents their overwriting by less specific cookies.


------------------------------------------------------------------------

[2007-03-21 05:56:45] John at Albin dot Net

This will also affect session cookies from the same server, but with 
different paths.

e.g.

Given a request for http://example.com/path1, a "domain=.example.com; path=/"
session cookie will over-write the correct "domain=.example.com; path=/path1"
session cookie.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/40806

-- 
Edit this bug report at http://bugs.php.net/?id=40806&edit=1
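
The skip-duplicates rule described in the php_variables.c comment quoted at the top of this thread, as an added C example that is not php-src code and not from any participant. The names parse_cookie_header, cookie_get and struct cookie are hypothetical, the header string is constructed, and the sketch does no URL-decoding.

```c
#include <stdio.h>
#include <string.h>

#define MAX_COOKIES 16
#define MAX_LEN 64

struct cookie { char name[MAX_LEN]; char value[MAX_LEN]; };

/* Parse a Cookie request header: the first occurrence of a name is kept,
 * later duplicates are skipped. Returns the number of distinct cookies
 * stored in jar; *skipped receives the number of duplicates ignored. */
int parse_cookie_header(const char *header, struct cookie *jar, int *skipped)
{
    char buf[512];
    int count = 0;
    *skipped = 0;
    snprintf(buf, sizeof(buf), "%s", header);   /* strtok modifies its input */

    for (char *pair = strtok(buf, ";"); pair != NULL; pair = strtok(NULL, ";")) {
        while (*pair == ' ') pair++;            /* strip leading spaces */
        char *eq = strchr(pair, '=');
        if (eq == NULL) continue;               /* ignore malformed pair */
        *eq = '\0';
        int dup = 0;
        for (int i = 0; i < count; i++)
            if (strcmp(jar[i].name, pair) == 0) { dup = 1; break; }
        if (dup) { (*skipped)++; continue; }    /* first occurrence wins */
        if (count == MAX_COOKIES) break;
        snprintf(jar[count].name, MAX_LEN, "%s", pair);
        snprintf(jar[count].value, MAX_LEN, "%s", eq + 1);
        count++;
    }
    return count;
}

/* Look up a stored cookie by name; returns NULL when it is absent. */
const char *cookie_get(const struct cookie *jar, int count, const char *name)
{
    for (int i = 0; i < count; i++)
        if (strcmp(jar[i].name, name) == 0) return jar[i].value;
    return NULL;
}

int main(void)
{
    /* Constructed header for /path1: the path=/path1 cookie first, the path=/ cookie second. */
    const char *hdr = "PHPSESSID=path1value; theme=dark; PHPSESSID=rootvalue";
    struct cookie jar[MAX_COOKIES];
    int skipped;
    int n = parse_cookie_header(hdr, jar, &skipped);
    printf("kept PHPSESSID=%s, %d distinct, %d skipped\n", cookie_get(jar, n, "PHPSESSID"), n, skipped);
    return 0;
}
```

A non-zero skipped count for a session cookie name means two cookies with that name arrived in one request, which is the collision condition discussed in this report and is worth logging.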
