Questions tagged [rfc6265]

RFC 6265 defines the HTTP Cookie and Set-Cookie header fields.

These header fields can be used by HTTP servers to store state (called cookies) at HTTP user agents, letting the servers maintain a stateful session over the mostly stateless HTTP protocol. Although cookies have many historical infelicities that degrade their security and privacy, the Cookie and Set-Cookie header fields are widely used on the Internet. This RFC obsoletes RFC 2965.

7 questions
6 votes, 1 answer

Firefox is not complying with RFC6265 regarding processing the path attribute of cookies

I was writing a PHP class for dealing with/parsing the Cookie and Set-Cookie HTTP headers to use it in my custom user-agents (crawlers, scrapers, bots, etc.), and while testing it I found that it behaves differently than Firefox in the way they…
Accountant م
4 votes, 2 answers

What browsers are RFC 6265 compliant?

I'm looking for a list of RFC 6265 compliant browsers. I asked Mr. Google and apparently this is not an easy answer. Thanks!
user222427
3 votes, 0 answers

Leading dot in domain name cookie shared across subdomain and domain

I've read that RFC 2109 requires a leading dot and RFC 6265 ignores the leading dot. For a cookie shared across domain and subdomain in JavaScript, the cookie can have the field ;domain=.domain or ;domain=domain. On the Mozilla documentation on…
uberdwang
2 votes, 2 answers

Understanding RFC6265 domain-matching conditions

I'm looking to implement a straightforward method to check if a given cookie domain domain-matches a given hostname. To do this I will be implementing the domain matching conditions defined in section 5.1.3 of RFC 6265. The second of the two…
Jon Cram
0 votes, 2 answers

Regex for parsing Set-Cookie headers

I try to parse set-cookie headers with regex in Python. For the set-cookie header I read the RFC 6265 Section 4.1 that describes how to build the set-cookie header. I try to build a regex from the specification and this is my current…
Basti G.
0 votes, 1 answer

Multiple cookie headers using OWASP ZAP script

I have an issue in ZAP scripts. I tried to create a login script using Zest. Most of the requests work except two of them. I found something was fishy when re-sending the request worked as expected (status code is 200), so I proxy-chained ZAP and saw…
sabatmonk
-1 votes, 1 answer

Token in HTTP Header?

Currently I have read the RFC 6265 chapter 4.1.1 about the syntax of Set-Cookie headers. In 4.1.1 in the text: Each cookie begins with a name-value-pair, followed by zero or more attribute-value pairs. Servers SHOULD NOT send Set-Cookie headers…
michael-mammut