curl/tests/data/test1228
YAMADA Yasuharu 04f52e9b4d cookies: only consider full path matches
I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-18 22:54:48 +02:00

55 lines
918 B
Plaintext

<testcase>
<info>
<keywords>
HTTP
HTTP GET
cookies
cookie path
</keywords>
</info>
<reply>
<data>
HTTP/1.1 200 OK
Date: Tue, 25 Sep 2001 19:37:44 GMT
Set-Cookie: path1=root; domain=.example.fake; path=/;
Set-Cookie: path2=depth1; domain=.example.fake; path=/hoge;
Content-Length: 34
This server says cookie path test
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP cookie path match
</name>
<command>
http://example.fake/hoge/1228 http://example.fake/hogege/ -b nonexisting -x %HOSTIP:%HTTPPORT
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET http://example.fake/hoge/1228 HTTP/1.1
Host: example.fake
Accept: */*
Proxy-Connection: Keep-Alive
GET http://example.fake/hogege/ HTTP/1.1
Host: example.fake
Accept: */*
Proxy-Connection: Keep-Alive
Cookie: path1=root
</protocol>
</verify>
</testcase>