Full Disclosure mailing list archives
Multiple Cookies combined to a single Set-Cookie response
From: Phani <pklanka () gmail com>
Date: Fri, 20 Mar 2009 11:33:08 +0530
Hello everyone,

I am having trouble setting multiple cookies combined in a single Set-Cookie request. Though following RFC 2109 (http://www.faqs.org/rfcs/rfc2109) and MSDN (http://msdn.microsoft.com/en-us/library/aa384321(VS.85).aspx), both IE and Firefox are non-responsive to the multiple cookies set in the single Set-Cookie request.

I have tried the following on Apache / IIS servers. (The type of web server may not be relevant, since the Set-Cookie header is one and the same in the HTTP responses. It is the browser which is not accepting the multiple cookies set.)

Trial #1
----Server response----------
Set-Cookie: a1=b1; a2=b2; a3=b3
----Client cookies-------------
Cookie: a1=b1

Trial #2
----Server response----------
Set-Cookie: a1=b1;a2=b2;a3=b3
----Client cookies-------------
Cookie: a1=b1

Trial #3 (I thought this would work, since it matches what is written in the RFC, but instead of creating new cookies, the browser is setting the value of a1 to be "b1, a2=b2, a3=b3")
----Server response----------
Set-Cookie: a1=b1, a2=b2, a3=b3
Xpad: avoid browser bug
----Client cookies-------------
Cookie: a1=b1, a2=b2, a3=b3

Could anyone put in any thoughts on this...

regards
Phani Kumar Lanka
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
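The results of the three trials match how browsers read a Set-Cookie value: only the first name=value pair before the first `;` becomes the cookie, later `;`-separated items are treated as attributes, and a comma is not a cookie separator. The sketch below is an added example, not part of the original post; `parseSetCookie` and `cookieHeaderAfter` are hypothetical names, and the model is simplified (no domain, path or expiry matching).

```javascript
// Added example: simplified model of how a browser reads one Set-Cookie value.
// Recognised attribute names; anything else after the first ';' is ignored.
const KNOWN_ATTRS = new Set(["expires", "max-age", "domain", "path", "secure", "httponly"]);

function parseSetCookie(headerValue) {
  // Everything up to the first ';' is the single name=value pair.
  const semi = headerValue.indexOf(";");
  const pair = semi === -1 ? headerValue : headerValue.slice(0, semi);
  const rest = semi === -1 ? "" : headerValue.slice(semi + 1);

  const eq = pair.indexOf("=");
  if (eq === -1) return null; // no name=value pair: header is ignored
  const name = pair.slice(0, eq).trim();
  const value = pair.slice(eq + 1).trim(); // commas stay part of the value
  if (name === "") return null;

  const attributes = {};
  const ignored = [];
  for (const part of rest.split(";")) {
    const item = part.trim();
    if (item === "") continue;
    const i = item.indexOf("=");
    const key = (i === -1 ? item : item.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : item.slice(i + 1).trim();
    if (KNOWN_ATTRS.has(key)) attributes[key] = val;
    else ignored.push(item); // e.g. "a2=b2" in Trials #1 and #2
  }
  return { name, value, attributes, ignored };
}

// Build the Cookie request header a client would send after receiving
// the given Set-Cookie values (one array entry per response header line).
function cookieHeaderAfter(setCookieValues) {
  const jar = new Map();
  for (const v of setCookieValues) {
    const c = parseSetCookie(v);
    if (c) jar.set(c.name, c.value);
  }
  return [...jar].map(([n, v]) => `${n}=${v}`).join("; ");
}

// Constructed inputs mirroring the three trials, then one header per cookie.
const trials = [
  ["a1=b1; a2=b2; a3=b3"],
  ["a1=b1;a2=b2;a3=b3"],
  ["a1=b1, a2=b2, a3=b3"],
  ["a1=b1", "a2=b2", "a3=b3"],
];
for (const t of trials) console.log(JSON.stringify(t), "->", cookieHeaderAfter(t));
```

The last input shows the form that yields three cookies: a separate Set-Cookie header line for each one.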