[tbnl-devel] Session cookie should be set for path=/
Stefan Scholl
stesch at no-spoon.de
Thu Mar 17 18:46:22 UTC 2005
Hi!
I was hunting a bug. The session cookie was missing on all pages
other than the originating page.
Then I've looked for the internal representation of the Cookie.
My Firefox has stored it with a path value equal to the
originating page.
I've checke some websites which use session cookies, too. One
PHP site has a "path=/" in the Set-Cookie line of the response
header.
RFC 2109 says about Set-Cookie:
Path Defaults to the path of the request URL that generated the
Set-Cookie response, up to, but not including, the
right-most /.
So that's the correct behavior of my browser. For sessions the
path should be set to "/" by the server.
In session.lisp, function start-session
(set-cookie *session-cookie-name* :value (session-cookie-value session))
changed to
(set-cookie *session-cookie-name* :value (session-cookie-value session)
:path "/")
Regards,
Stefan
More information about the Tbnl-devel
mailing list