ID: 40806
Updated by: [EMAIL PROTECTED]
Reported By: john at albin dot net
Status: Open
Bug Type: Session related
PHP Version: 4.4.6
Assigned To: iliaa
New Comment:

The RFC mentions that order in regards to domain is unspecified which I think this bug is in regards to rather than the path issue.

Spec >>
If multiple cookies satisfy the criteria above, they are ordered in the Cookie header such that those with more specific Path attributes precede those with less specific. Ordering with respect to other attributes (e.g., Domain) is unspecified.

Does the reporter have an example of a browser which demonstrates the bug here?

Previous Comments:
------------------------------------------------------------------------

[2007-04-09 22:32:40] john at albin dot net

Hi Tony, thanks for pointing at the source code reference.

I am not familiar with PHP internals. I'm using PHP 4.4.6 and its version of main/php_variables.c (lines 201-209) does not (at first glance) appear to be analogous to the PHP 5 version (lines 209-218). Perhaps there is something in those lines that is the problem in PHP 4?

(I have checked Firefox 2, IE 7, and Safari 2 and the problem persists, so it can't be the browsers.)

------------------------------------------------------------------------

[2007-04-09 21:52:26] [EMAIL PROTECTED]

http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?annotate=1.104.2.10.2.7#l204

/* According to rfc2965, more specific paths are listed above the less specific ones.
 * we encounter a duplicate cookie name, we should skip it, since it is not possible
 * to have the same (plain text) cookie name for the same path and we should not overwrite
 * more specific cookies with the less specific ones.
 */

If your browser (whatever it is) does not comply with the standard, you should complain to your browser developers, not PHP.

------------------------------------------------------------------------

[2007-04-09 21:35:32] john at albin dot net

I have confirmed this cookie collision while using Firefox and Safari. I believe they are compliant with the spec.
The more specific cookies are sent first and PHP does NOT appear to prevent over-writing by the later, less-specific cookies.

What detailed info would you like?

------------------------------------------------------------------------

[2007-04-09 20:43:41] [EMAIL PROTECTED]

No, thanks. Ilia's reply is quite clear.

------------------------------------------------------------------------

[2007-04-09 20:04:55] john at albin dot net

Perhaps you'd like more information rather than marking this as bogus.

What detailed info would you like?

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/40806

--
Edit this bug report at http://bugs.php.net/?id=40806&edit=1
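
Added example, not part of the bug report or of PHP's source: a Python model of the skip-duplicates rule quoted from php_variables.c, next to a parser where later duplicates overwrite earlier ones, plus a check that reports names arriving more than once with different values. The function names and the sample header are constructed for illustration.

```python
# Model of duplicate-name handling for a Cookie request header.
# This is an illustration of the rule discussed above, not PHP's implementation.

def split_cookie_header(header):
    """Return (name, value) pairs in the order they appear in a Cookie header."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs


def parse_first_wins(header):
    """Keep the first occurrence of a name and skip later duplicates."""
    cookies = {}
    for name, value in split_cookie_header(header):
        cookies.setdefault(name, value)
    return cookies


def parse_last_wins(header):
    """Let a later duplicate overwrite the earlier value."""
    cookies = {}
    for name, value in split_cookie_header(header):
        cookies[name] = value
    return cookies


def conflicting_names(header):
    """Names sent more than once with differing values, in header order."""
    seen = {}
    for name, value in split_cookie_header(header):
        seen.setdefault(name, []).append(value)
    return {n: v for n, v in seen.items() if len(set(v)) > 1}


# Constructed header: the same name set for a specific path and for "/",
# sent most-specific-path first as the RFC text quoted above requires.
SAMPLE = "sid=value_for_app_path; theme=dark; sid=value_for_root_path"

if __name__ == "__main__":
    print("first wins:", parse_first_wins(SAMPLE))
    print("last wins: ", parse_last_wins(SAMPLE))
    print("conflicts: ", conflicting_names(SAMPLE))
```

Because ordering with respect to Domain is unspecified, neither parser can tell which duplicate the application intended in that case; logging the output of the conflict check is the part that stays reliable.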