Mantis Bugtracker
  

Viewing Issue Simple Details
ID: 0001696
Category: [Quercus]
Severity: minor
Reproducibility: always
Date Submitted: 04-19-07 18:22
Last Update: 04-24-07 11:11
Reporter: snb
View Status: public
Assigned To: nam
Priority: normal
Resolution: fixed
Status: closed
Product Version: 3.1.1
Summary: 0001696: session_start() generates cookies with null domain
Description: When the php.ini session.cookie_domain value is unset, session_start() (and other functions that use SessionModule.generateSessionCookie()) will generate a cookie with the domain attribute set to an empty string. Firefox 2.0.0.3 on Mac OS X seems to just ignore these empty domain attributes and falls back to using the default domain--the server's hostname. Safari (version 2.0.4 at least) seems to ignore cookies like this. MediaWiki's login screen seems to use this session cookie to determine if a user has cookies enabled, and thus can log in, so Safari users will get an error message about having cookies disabled (when they do have them enabled) when attempting to log in.
Additional Information: I'll attach a small patch that fixes the problem. This patch makes the domain attribute not get set at all if php.ini's session.cookie_domain is not set.
Attached Files: cookie_domain.patch (677 bytes) 04-19-07 18:23

- Notes
(0001859)
nam
04-24-07 11:11

fixed for other servlet containers

When Quercus is running on Resin, the cookie domain is not sent if the domain is the empty string. But other servlet containers may not do the empty string check, thereby sending the problematic empty domain.
 

- Issue History
Date Modified Username Field Change
04-19-07 18:22 snb New Issue
04-19-07 18:23 snb File Added: cookie_domain.patch
04-24-07 10:03 nam Status new => assigned
04-24-07 10:03 nam Assigned To  => nam
04-24-07 11:11 nam Status assigned => closed
04-24-07 11:11 nam Note Added: 0001859
04-24-07 11:11 nam Resolution open => fixed
04-24-07 11:11 nam Fixed in Version  => 3.1.1

