  1. XWiki Platform
  2. XWIKI-2206

Cookie domains not compliant with RFC 2109

      Description

      RFC 2109 (http://tools.ietf.org/html/rfc2109) states that a Domain attribute when setting a cookie must either be an IP address, or a domain name starting with a dot and containing at least another dot, or be ".local". To quote, "An explicitly specified domain must always start with a dot.".

      Browsers seem to ignore this requirement, and also accept values like "xwiki.com", while they should only accept ".xwiki.com".
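An added example, not XWiki's own code: a Java check of a cookie Domain value against the rule quoted in the description, with a normaliser that prepends the leading dot when that is the only thing missing. The class and method names are hypothetical, the sample values are constructed, and only dotted-quad IPv4 literals are treated as IP addresses.

```java
import java.util.Locale;
import java.util.regex.Pattern;

public final class CookieDomainCheck {
    // Assumption: "IP address" means a dotted-quad IPv4 literal; IPv6 is not handled.
    private static final Pattern IPV4 = Pattern.compile(
        "^(25[0-5]|2[0-4]\\d|1?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|1?\\d?\\d)){3}$");

    /** True if the value is an IP address, ".local", or starts with a dot and has another dot inside. */
    static boolean isCompliant(String domain) {
        if (domain == null || domain.isEmpty()) {
            return false;
        }
        String d = domain.toLowerCase(Locale.ROOT);
        if (IPV4.matcher(d).matches() || d.equals(".local")) {
            return true;
        }
        if (!d.startsWith(".")) {
            return false;               // e.g. "xwiki.com": explicit domain without the leading dot
        }
        String rest = d.substring(1);
        int dot = rest.indexOf('.');
        // The embedded dot must have a non-empty label on each side (rejects ".com", "..com", ".a.").
        return dot > 0 && !rest.endsWith(".") && !rest.contains("..");
    }

    /** Returns a compliant form of the value, or null when adding a leading dot cannot fix it. */
    static String normalize(String domain) {
        if (isCompliant(domain)) {
            return domain.toLowerCase(Locale.ROOT);
        }
        if (domain != null && !domain.startsWith(".") && isCompliant("." + domain)) {
            return "." + domain.toLowerCase(Locale.ROOT);
        }
        return null;                    // caller should omit the Domain attribute entirely
    }

    public static void main(String[] args) {
        // Constructed sample values, including the two from the description.
        String[] samples = {".xwiki.com", "xwiki.com", ".local", "127.0.0.1", ".com", "localhost"};
        for (String s : samples) {
            System.out.printf("%-12s compliant=%-5b normalized=%s%n", s, isCompliant(s), normalize(s));
        }
    }
}
```

When `normalize` returns null, leaving the Domain attribute off makes the cookie default to the host that set it.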

            People

            • Assignee:
              sdumitriu Sergiu Dumitriu
              Reporter:
              sdumitriu Sergiu Dumitriu