[Mono-dev] HttpOnly and Expires not handled by CookieContainer.SetCookies(Uri, string)
Gonzalo Paniagua Javier
gonzalo.mono at gmail.com
Sun Oct 25 09:53:38 EDT 2009
On Sat, 2009-10-24 at 22:20 -0700, Tom Philpot wrote:
> While troubleshooting a web service authentication problem our app is
> having, I noticed that CookieContainer.SetCookies(Uri, string) has a few
> 1) It assumes that the Set-Cookie header only has one cookie in it, since it
> does not account for several comma separated cookies (as the MSDN docs
> state, and RFC 2109 section 4.2.2)
> 2) It does not properly set Cookie.Expires or Cookie.HttpOnly (for .NET
> 2.0). The current implementation will assume that expires=... specifies a
> new cookie. Similarly, HttpOnly will cause the CookieContainer to throw an
> exception when the cookie is being created since it assumes HttpOnly is a
> cookie name with no value.
> 3) I also noticed most of the CookieContainer tests are marked as
> Is CookieContainer really that broken, or am I missing something?
There's only 1 known bug in bugzilla related to CookieContainer plus the
tests that are marked as NotWorking. My guess is that what we have is
enough for most of the people using it. It would help if you open new
bugs and attach simple self-contained tests to them.
More information about the Mono-devel-list