A possible cookie polution [#177927]

I won't have time to check this, sorry, so I'm only reporting here a _possible_ bug.

I see the following code in 'misc/drupal.js':

if (Drupal.jsEnabled) {
  ...
  // 'js enabled' cookie
  document.cookie = 'has_js=1';
  ...
}

And I think this should be changed to:

  document.cookie = 'has_js=1; path=/';

Or else a cookie created at 'node/1234' won't be seen at 'taxonomy/term/5'. And we will have a "cookie polution": lot's of cookies, especially if path_auto is used to creating 'folders'.

A related issue:

I see the following in 'comment.module':

setcookie('comment_info_'. $field, $form_state['values'][$field], time() + 31536000);

And I wonder if the 'path' parameter should be used here.

Comment	File	Size	Author
#3	comment_cookie_path-177927-3.patch	1.26 KB	chx
#3

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

mooffie CreditAttribution: mooffie commented 23 September 2007 at 15:01

Title:

A possible coockie polution

» A possible cookie polution

:-)

Comment #2

chx CreditAttribution: chx commented 23 September 2007 at 16:18

See http://drupal.org/node/177906 for the JS issue.

Comment #3

chx CreditAttribution: chx commented 23 September 2007 at 20:49

Component:	javascript	» comment.module
Status:	Active	» Needs review

File	Size
comment_cookie_path-177927-3.patch	1.26 KB

True.

Comment #4

mooffie CreditAttribution: mooffie commented 24 September 2007 at 01:20

Status:

Needs review

» Reviewed & tested by the community

I reviewed the patch. It indeed solves a nasty bug with these identity cookies.

(To easily see the bug I configured the comment form to show "below the post" (not "on a separate page" because then all the comment forms would have a somewhat common base path).