I guess my confusion arises because most of the text talks about restricting the scope of the cookies and the RFC only allows you to broaden the scope.In any case the workaround is more than sufficient for these cases
regards deepak On Fri, Jun 3, 2011 at 1:05 PM, sebb <seb...@gmail.com> wrote: > On 3 June 2011 20:36, Deepak Shetty <shet...@gmail.com> wrote: > > even www.wordpress.com does the same thing and it seems to work fine in > FF > > > > *https://en.wordpress.com/wp-login.php* > > POST /wp-login.php HTTP/1.1 > > Set-Cookie: wordpress=VALUE; expires=Fri, 17-Jun-2011 19:32:09 GMT; * > > path=/wp-admin;* domain=.wordpress.com; httponly > > > > the browser is at url "/" , the post is to url */wp-login.php *- what is > the > > path to be compared with - the url the browser is at or the URL that is > > being posted to. ? > > AIUI, the cookie path is to be compared with the current request URI, > i.e. /wp-login.php > > > > > regards > > deepak > > > > > > On Fri, Jun 3, 2011 at 4:26 AM, sebb <seb...@gmail.com> wrote: > > > >> On 3 June 2011 04:27, Deepak Shetty <shet...@gmail.com> wrote: > >> > You are right , that is the problem . However im wondering what the > right > >> > behavior is > >> > If I request "/testjmeter/wp-login.php" > >> > Then arent these valid paths for set-cookie > >> > / > >> > /testjmeter > >> > /testjmeter/wp-login.php > >> > /testjmeter/child/ --> This is the problematic one. I was under the > >> > impression this was allowed? > >> > >> The Netscape specs (such as they are) are not entirely clear on this. > >> I have found the following: > >> > >> [1] the pathname component of the URL is compared with the path > >> attribute, and if there is a match, the cookie is considered valid and > >> is sent along with the URL request. The path "/foo" would match > >> "/foobar" and "/foo/bar.html". The path "/" is the most general path. > >> > >> RFC2109 says cookies should be rejected if "The value for the Path > >> attribute is not a prefix of the request-URI." > >> > >> My reading is that /testjmeter/child/ is not allowed by either cookie > >> spec. > >> > >> > if my page is at the root /wp-login.php then I think all directories > >> under / > >> > are allowed in the Set-Cookie? > >> > >> If the path is set to /, then all files and directories under it are > >> allowed. > >> However, as far as I can tell, if the path is set to /wp-login.php > >> then it is only valid for /wp-login.php (and ./wp-login.php/xzy if > >> that exists) > >> > >> > I tried to look through the cookie RFC and didnt seem to find > information > >> > one way or the other > >> > >> See above. > >> > >> > I can verify your fix works > >> > CookieManager.check.cookies=false -- Daniel this should work without > >> needing > >> > to manipulate cookies (In my example set this in jmeter.properties and > >> > disable the pre processor that adds the cookie) > >> > >> Best to add this to user.properties > >> > >> [1] http://curl.haxx.se/rfc/cookie_spec.html > >> [2] > >> > http://devedge-temp.mozilla.org/library/manuals/2000/javascript/1.3/reference/cookies.html > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: jmeter-user-unsubscr...@jakarta.apache.org > >> For additional commands, e-mail: jmeter-user-h...@jakarta.apache.org > >> > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: jmeter-user-unsubscr...@jakarta.apache.org > For additional commands, e-mail: jmeter-user-h...@jakarta.apache.org > >
