Zope doesn't handle multiple cookies with the same id
Bug #143938 reported by
dom_1
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Zope 2 |
Invalid
|
Low
|
Unassigned | ||
Bug Description
Zope stores cookies keyed by their id, but browsers can present two cookies with the same id, set at different paths:
from http://
"If multiple cookies satisfy the criteria above, they are ordered in
the Cookie header such that those with more specific Path attributes
precede those with less specific. Ordering with respect to other
attributes (e.g., Domain) is unspecified."
The first (i.e. most specific and therefore most relevant) cookie will be unavailable from Zope. This is a real problem when using cookie paths to manage multiple sessions with differing data depending on the locale.
Revision history for this message
| dom_1 (dom-1) wrote | #1 |
Revision history for this message
| dom_1 (dom-1) wrote | #2 |
Revision history for this message
| Andreas Jung (ajung) wrote | #3 |
| Changed in zope2: | |
| status: | New → Confirmed |
Revision history for this message
| Colin Watson (cjwatson) wrote | #4 |
| Changed in zope2: | |
| status: | Confirmed → Invalid |
To post a comment you must log in.
> The first (i.e. most specific and therefore most relevant) cookie will be
> unavailable from Zope. This is a real problem when using cookie paths to
> manage multiple sessions with differing data depending on the locale.
... that should probably read "...only the last (and therefore least relevant) cookie will be available from Zope" (!)