[tbnl-devel] Session cookie should be set for path=/
Bob Hutchison
hutch at recursive.ca
Thu Mar 17 21:50:09 UTC 2005
On Mar 17, 2005, at 4:31 PM, Edi Weitz wrote:
> On Thu, 17 Mar 2005 19:46:22 +0100, Stefan Scholl <stesch at no-spoon.de>
> wrote:
>
>> I was hunting a bug. The session cookie was missing on all pages
>> other than the originating page.
>>
>> Then I've looked for the internal representation of the Cookie. My
>> Firefox has stored it with a path value equal to the originating
>> page.
>>
>> I've checke some websites which use session cookies, too. One PHP
>> site has a "path=/" in the Set-Cookie line of the response header.
>>
>> RFC 2109 says about Set-Cookie:
>>
>> Path Defaults to the path of the request URL that generated the
>> Set-Cookie response, up to, but not including, the
>> right-most /.
>>
>> So that's the correct behavior of my browser. For sessions the path
>> should be set to "/" by the server.
>
> I've added that to 0.5.1 although I'm not fully convinced that that's
> the right way. It should probably be customizable. Maybe you don't
> /want/ the session to be valid for the whole site...
>
> Anyway, not today... :)
I think this might address part of the problem that I was complaining
about a couple of weeks ago ("Weird problem with cookies and startup").
I don't think I'll get a chance to test this today, so it'll be a
little over a week before I can confirm.
Cheers,
Bob
>
> Thanks,
> Edi.
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel
>
>
----
Bob Hutchison -- blogs at <http://www.recursive.ca/hutch/>
Recursive Design Inc. -- <http://www.recursive.ca/>
More information about the Tbnl-devel
mailing list