[tbnl-devel] Session cookie should be set for path=/

Edi Weitz edi at agharta.de
Thu Mar 17 21:31:59 UTC 2005


On Thu, 17 Mar 2005 19:46:22 +0100, Stefan Scholl <stesch at no-spoon.de> wrote:

> I was hunting a bug. The session cookie was missing on all pages
> other than the originating page.
>
> Then I've looked for the internal representation of the Cookie.  My
> Firefox has stored it with a path value equal to the originating
> page.
>
> I've checked some websites which use session cookies, too. One PHP
> site has a "path=/" in the Set-Cookie line of the response header.
>
> RFC 2109 says about Set-Cookie:
>
>    Path   Defaults to the path of the request URL that generated the
>           Set-Cookie response, up to, but not including, the
>           right-most /.
>
> So that's the correct behavior of my browser. For sessions the path
> should be set to "/" by the server.

I've added that to 0.5.1 although I'm not fully convinced that that's
the right way.  It should probably be customizable.  Maybe you don't
/want/ the session to be valid for the whole site...

Anyway, not today... :)

Thanks,
Edi.
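
As an added illustration (not part of the original messages and not TBNL code), the Python sketch below applies the RFC 2109 default-path rule quoted above, together with the RFC's prefix match for deciding when a cookie is returned, to show which pages receive a session cookie with and without an explicit path. The host, URLs and cookie value are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample site; the session is created on ORIGIN.
ORIGIN = "http://example.test/login/start"
SITE = [
    "http://example.test/login/start",
    "http://example.test/login/check",
    "http://example.test/cart/view",
    "http://example.test/",
]

def default_path(request_url):
    """Path used when Set-Cookie has no Path attribute: the request
    path up to, but not including, the right-most '/'."""
    path = urlsplit(request_url).path or "/"
    return path[:path.rfind("/")]

def parse_set_cookie(header_value, request_url):
    """Return (name, value, effective_path) for a Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    path = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "path":
            path = val.strip().strip('"')
    if not path:
        path = default_path(request_url)
    return name, value, path

def is_sent(cookie_path, request_url):
    """RFC 2109 prefix rule: the cookie is returned when its path is a
    prefix of the request path."""
    return (urlsplit(request_url).path or "/").startswith(cookie_path)

def pages_receiving(header_value, origin_url, urls):
    """URLs on which the client would send the cookie back."""
    _, _, path = parse_set_cookie(header_value, origin_url)
    return [u for u in urls if is_sent(path, u)]

if __name__ == "__main__":
    for header in ("session=abc123", "session=abc123; path=/"):
        print(header, "->", pages_receiving(header, ORIGIN, SITE))
```

Without a path the cookie is scoped to `/login`, so the cart page and the site root never see the session; with `path=/` every page does, which is also the site-wide validity the reply suggests making customizable.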


