cookies: only consider full path matches

I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-18 22:51:31 +02:00
parent 100a33f7ff
commit 04f52e9b4d
5 changed files with 89 additions and 9 deletions
--- a/tests/data/test46
+++ b/tests/data/test46
@@ -52,8 +52,8 @@ TZ=GMT
 www.fake.come	FALSE	/	FALSE	1022144953	cookiecliente	si
 www.loser.com	FALSE	/	FALSE	1139150993	UID	99
 %HOSTIP	FALSE	/	FALSE	1439150993	mooo	indeed
-#HttpOnly_%HOSTIP	FALSE	/w	FALSE	1439150993	mooo2	indeed2
-%HOSTIP	FALSE	/wa	FALSE	0	empty	
+#HttpOnly_%HOSTIP	FALSE	/want	FALSE	1439150993	mooo2	indeed2
+%HOSTIP	FALSE	/want	FALSE	0	empty	
 </file>
 </client>

@@ -77,8 +77,8 @@ Cookie: empty=; mooo2=indeed2; mooo=indeed
 www.fake.come	FALSE	/	FALSE	1022144953	cookiecliente	si
 www.loser.com	FALSE	/	FALSE	1139150993	UID	99
 %HOSTIP	FALSE	/	FALSE	1439150993	mooo	indeed
-#HttpOnly_%HOSTIP	FALSE	/w	FALSE	1439150993	mooo2	indeed2
-%HOSTIP	FALSE	/wa	FALSE	0	empty	
+#HttpOnly_%HOSTIP	FALSE	/want	FALSE	1439150993	mooo2	indeed2
+%HOSTIP	FALSE	/want	FALSE	0	empty	
 %HOSTIP	FALSE	/	FALSE	2054030187	ckyPersistent	permanent
 %HOSTIP	FALSE	/	FALSE	0	ckySession	temporary
 %HOSTIP	FALSE	/	FALSE	0	ASPSESSIONIDQGGQQSJJ	GKNBDIFAAOFDPDAIEAKDIBKE