W3C home > Mailing lists > Public > www-lib@w3.org > October to December 2003

Bug fixes for Cookies

From: Mikel Maron <mikel_maron@yahoo.com>
Date: Fri, 21 Nov 2003 09:12:46 -0800 (PST)
Message-ID: <20031121171246.90945.qmail@web11605.mail.yahoo.com>
To: www-lib@w3.org


I've been working on an application, using libwww, and have come across
some subtle, minor bugs in how Cookies are handled .. which
nevertheless cause great pain for my app.

Not sure if there's any development happening on libwww, or if bug
fixes are welcome, especially for the apparently un-official Cookie
spec (http://wp.netscape.com/newsref/std/cookie_spec.html). Hopefully
there is some interest!

So, the problem is two-fold. First, accepted cookies are parsed
incorrectly. The code is assuming that "=" is not a valid character in
a cookie value, by calling HTNextField rather than HTNextPair to parse
the value. From the spec on NAME=VALUE pairs in cookies...

"This string is a sequence of characters excluding semi-colon, comma
and white space"

Secondly, when a Cookie is being constructed to send, the NAME=VALUE
pairs are seperated by only ";", when it should be "; ". The Spec
addresses this under "Syntax of the Cookie HTTP Request Header"

Here's the tiny diff on HTCookie.c ..

<     char * cookie_value = HTNextPair(&value); 
>     char * cookie_value = HTNextField(&value);
<               if (!first) HTChunk_putc(cookie_header, '; ');
>               if (!first) HTChunk_putc(cookie_header, ';');

.. so there you have it. Any chance of including this fix in the


Brain Off :: http://radio.weblogs.com/0100875/

Do you Yahoo!?
Free Pop-Up Blocker - Get it now
Received on Friday, 21 November 2003 12:12:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:33:56 UTC