BUG: IE6 SP2 does not comply with RFC 2965 (cookies)

's Computer Specifications

In short:
RFC 2965 is the reference for HTTP State Management, i.e. cookies.
http://rfc.net/rfc2965.html

It defines:
User Agent Role:
Domain Defaults to the effective request-host. (Note that because
there is no dot at the beginning of effective request-host,
the default Domain can only domain-match itself.)

Highlight: "default Domain can only domain-match itself"

So requesting a page from www.domain.com should only have cookies that
domain-match www.domain.com exactly in its HTTP header "Cookie:".
But IE6 SP2 sends not only www.domain.com cookies, but also domain.com
cookies.

This behavior would be correct if this were not default-domain cookies, i.e.
if the domain was set explicitly by the server to .www.domain.com, then the
browser would be allowed to send cookies with domain .www.domain.com and
..domain.com.

But not for cookies with default domain.

Mozilla Firefox and Opera handle it correctly and send only cookies back
that match the default-domain exactly.

Yours sincerely - Andy Staudacher

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Give Request.Cookies and Response.Cookies is there any reason to use another method to use cookies?	_Who	Microsoft ASP .NET	7	18th Sep 2008 08:49 PM
How do I Install A New CD Key to Comply With Genuine Advantage	=?Utf-8?B?VENE?=	Windows XP Help	6	15th Oct 2005 05:16 AM
some security requirements - how to comply	Juan Carlos	Microsoft Windows 2000 Active Directory	2	23rd Feb 2005 04:28 PM
How do I get my actuarial spreadsheets to comply with SOx?	=?Utf-8?B?U3RldmVuIEdlb3JkaWUgQm95?=	Microsoft Excel Misc	0	22nd Dec 2004 03:55 PM
IE does not comply with no-store directive	David Hay	Windows XP Internet Explorer	2	26th Nov 2003 10:41 PM