Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 1.3.1, 1.4 M1
Affects Version/s: 1.3
Component/s: {Unused} Authentication and Rights Management
Labels:
None

Similar issues:

Description

RFC 2109 (http://tools.ietf.org/html/rfc2109) states that a Domain attribute when setting a cookie must either be an IP address, or a domain name starting with a dot and containing at least another dot, or be ".local". To quote, "An explicitly specified domain must always start with a dot.".

Browsers seem to ignore this requirement, and also accept values like "xwiki.com", while they should only accepts ".xwiki.com".

Attachments

Activity

People

Assignee:: Sergiu Dumitriu

Reporter:: Sergiu Dumitriu

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 12/Mar/08 20:52

Updated:: 12/May/09 12:49

Resolved:: 14/Mar/08 05:45

Date of First Response:: 13/Mar/08 8:50 AM