{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Ridiculous、 的问题《Internet Explorer sends the wrong cookie when the》','https://www.manongdao.com/q-521683.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
We have multiple copies of a web-app that is deployed on multiple paths on the same domain.
Example:
Each instance maintains a set of cookies each one defines its path as "/" + .getWebDirRoot() - i.e. /abc, /xyz, /abc123
When performing the following flow:
- Login to http://mydomain.com/abc
- Perform some activity
- Logout
- Login to http://mydomain.com/abc123
- Perform some activity <-- Failure
The last step fails since IE sent us the incorrect cookie - it sends the one for http://mydomain.com/abc instead of the one for http://mydomain.com/abc123
This does not happen in FireFox. (And I haven't tried any other browser).
Is this a known behavior of IE (I tested IE9 and IE8)?
Is there a way to overcome it (in a programmatic manner)?
Note: Just to clarify, this does not happen when switching from http://mydomain.com/abc to http://mydomain.com/xyz - the behavior is strictly restricted to flows where currentUrl.startswith(urlAssociatedWithCookie) == true
I checked the behavior using Fiddler - I clearly see the HTTP request for abc123 sent with the value of the cookie belonging to abc.
I also checked the cookies on FireFox and they are as expected - one created per path.
After investigating for more than a day and looking everywhere for specification on IE's behaviour I came up with nothing - apart from the understanding that when
IEsees a cookie from domainxyzand pathabc, it will send it on any request sent to any URL starting with the same domain and path, e.g. `http://xyz/abc123'.So eventually what I did was change my cookie creation, and instead of:
I now create the following:
This solved the problem with no ricochetes - the cookie is saved succesfuly on the client and the correct cookie is always sent to the server.
Note: I checked the RFC for HTTP Cookies and found this:
The scenario that should have applied here is the 3rd, but it looks like
IEdoes not comply with the RFC on this case ...