
Why doesn't the web browser care about the port number when sending a cookie?

Tags: http, cookies

I have manually created two cookies using Firebug:

Cookie1=value1; expires=Sat, 29 Mar 2014 06:21:54 GMT; path=/Ex05Cookie; domain=localhost; HttpOnly
Cookie2=value2; expires=Sat, 29 Mar 2014 06:21:54 GMT; path=/Ex05Cookie; domain=localhost:8080; HttpOnly

The only difference is the domain attribute: one is localhost, while the other has a port number.

This is the HTTP header when I try to request http://localhost:8080/Ex05Cookie/:

GET /Ex05Cookie/ HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: Cookie1=value1
Connection: keep-alive
Cache-Control: max-age=0

where the header only contains Cookie1 whose domain is localhost.

Why doesn't my Firefox send Cookie2 instead of Cookie1?

asked Apr 29 '13 05:04

Yishu Fang


People also ask

Does Port matter for cookies?

Yes, because cookies are associated with host/domain names, so a cookie on localhost cannot be shared with 127.0.0.1 and vice versa. But cookies on the same host/domain, regardless of port, are sharable.

How does browser know which cookies to send?

Browser cookies are identified and read by “name-value” pairs. These tell cookies where to be sent and what data to recall. The server only sends the cookie when it wants the web browser to save it.

Do browsers automatically send cookies?

Cookies are sent with every request, so they can worsen performance (especially for mobile data connections). Modern APIs for client storage are the Web Storage API (localStorage and sessionStorage) and IndexedDB.

Is Port part of domain?

Domain names don't refer to specific ports. They just refer to IP addresses.


1 Answer

This is answered by https://stackoverflow.com/a/4212964/14731 and by the author of RFC 6265:

If we were designing cookies today, we'd definitely make it per-port. However, cookies are widely used on the Internet today and making this sort of change would break too many sites. For the most part, cookies are "done" in the sense that I wouldn't expect them to change much. Unfortunately, that means we're stuck with cookies not respecting port number.

Source: https://groups.google.com/d/msg/comp.infosystems.www.misc/6WXdQ2RFhG8/VvOUuR3FNAUJ

answered Nov 15 '22 04:11

Gili
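
The behaviour in the question and answer above, as an added example that is not part of the original posts: a simplified sketch of the RFC 6265 domain-match and path-match rules (sections 5.1.3 and 5.1.4), run over a constructed jar holding the question's two cookies. The function names and the jar layout are assumptions; expiry, Secure, HttpOnly and host-only handling are left out.

```javascript
// Simplified cookie selection after RFC 6265 (illustrative, not a browser's code).

// Section 5.1.3: the request host must equal the cookie domain, or end with
// "." + domain, and suffix matching never applies to IP addresses.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Section 5.1.4: the cookie path must be a prefix of the request path that
// ends on a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Builds the Cookie header value for a request URL.
function cookieHeader(requestUrl, jar) {
  const url = new URL(requestUrl);
  // url.hostname carries no port: the port takes no part in the comparison,
  // so a stored domain of "localhost:8080" can never equal the request host.
  return jar
    .filter(c => domainMatch(url.hostname, c.domain) && pathMatch(url.pathname, c.path))
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Constructed jar mirroring the two cookies created in the question.
const jar = [
  { name: 'Cookie1', value: 'value1', domain: 'localhost', path: '/Ex05Cookie' },
  { name: 'Cookie2', value: 'value2', domain: 'localhost:8080', path: '/Ex05Cookie' },
];

console.log(cookieHeader('http://localhost:8080/Ex05Cookie/', jar));
console.log(cookieHeader('http://localhost:9090/Ex05Cookie/', jar));
console.log(JSON.stringify(cookieHeader('http://127.0.0.1:8080/Ex05Cookie/', jar)));
```

Because the port plays no part in matching, services on different ports of one host receive each other's cookies, so a port number is not an isolation boundary for session cookies.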