Questions tagged [rfc6265]

RFC 6265 defines the HTTP Cookie and Set-Cookie header fields.

These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This RFC obsoletes RFC 2965.

8 questions
6 votes, 1 answer

Firefox is not complying with RFC6265 regarding processing the path attribute of cookies

I was writing a PHP class for dealing with/parsing the Cookie and Set-Cookie HTTP headers to use it in my custom user-agents (crawlers, scrapers, bots, etc.), and while testing it I found that it behaves differently than Firefox in the way they…
Accountant م
4 votes, 2 answers

What browsers are RFC 6265 compliant

I'm looking for a list of RFC 6265 compliant browsers. I asked Mr. Google and apparently this is not an easy answer. Thanks!
user222427
3 votes, 0 answers

Leading dot in domain name cookie shared across subdomain and domain

I've read that RFC 2109 requires a leading dot and RFC 6265 ignores the leading dot. For a cookie shared across domain and subdomain in JavaScript, the cookie can have the field ;domain=.domain or ;domain=domain. On the Mozilla documentation on…
uberdwang
2 votes, 2 answers

Understanding RFC6265 domain-matching conditions

I'm looking to implement a straightforward method to check if a given cookie domain domain-matches a given hostname. To do this I will be implementing the domain matching conditions defined in section 5.1.3 of RFC 6265. The second of the two…
Jon Cram
0 votes, 0 answers

Path-Match condition from RFC 6265

RFC 6265 defines 3 path matching conditions. One of the path matching conditions is: The cookie-path is a prefix of the request-path, and the first character of the request-path that is not included in the cookie-path is a %x2F ("/")…
Karen Petrosyan
0 votes, 2 answers

Regex for parsing set-cookie headers

I try to parse Set-Cookie headers with regex in Python. For the Set-Cookie header I read RFC 6265 Section 4.1, which describes how to build the Set-Cookie header. I try to build a regex from the specification and this is my current…
Basti G.
0 votes, 1 answer

Multiple cookie headers using OWASP ZAP script

I have an issue in ZAP scripts. I tried to create a login script using Zest. Most of the requests work except two of them. I found something was fishy when re-sending the request worked as expected (status code is 200), so I proxy-chained ZAP and saw…
sabatmonk
-1 votes, 1 answer

Token in HTTP Header?

Currently I have read the RFC 6265 chapter 4.1.1 about the syntax of Set-Cookie headers. In 4.1.1 in the text: Each cookie begins with a name-value-pair, followed by zero or more attribute-value pairs. Servers SHOULD NOT send Set-Cookie headers that…
michael-mammut