IE sends multiple cookies with same name?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by akach on Stack Overflow See other posts from Stack Overflow or by akach
Published on 2010-04-14T14:47:32Z Indexed on 2010/04/14 15:33 UTC
Read the original article Hit count: 163

Filed under:
|
|

I have a strange bug that occurs in IE7/XP and IE8/Vista on my website. IE sends two cookies named PHPSESSID.

How to reproduce:

  1. Clear cookies in IE (not necessary if you never visited unisender.com).

  2. Visit unisender.com (exactly without www to reproduce!) and it will redirect to www.unisender.com

  3. Login with any valid username and password (I've registered username testmsdn with password testmsdn - feel free to use for testing)

  4. Run your favourite capture-the-traffic program (I prefer wireshark)

  5. Now click any menu link (e.g. "messages")

  6. Look at captured traffic - you will see that IE sends double PHPSESSID cookie (and you are logged out after click because of this). It seems like first PHPSESSID is from unisender.com and second from www.unisender.com.

Captured sample:

GET /en/letter_list HTTP/1.1

Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, /

Referer: http://www.unisender.com/en/intro

Accept-Language: ru

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; FDM; .NET CLR 3.0.30729)

Accept-Encoding: gzip, deflate

Host: www.unisender.com

Connection: Keep-Alive

Cookie: authchallenge=3a9cfcfc9fe33822e3e21d75c8a3d3e4; PHPSESSID=14ea1cb133632951592397c86eaf037e; us_reg_ref=unknown; us_reg_url=http%3A%2F%2Funisender.com%2F; __utma=1.778517853.1271204400.1271204400.1271204400.1; __utmb=1.3.10.1271204400; __utmc=1; __utmz=1.1271204400.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=65e110aeb995a66b9dc8da5656c7a3da; last_login_name=testmsdn

I've tried to use session and non-session cookies, tried to use .unisender.com instead of unisender.com for cookie - nothing helps.

I suppose there should not be cookies with same name.

Am I right? Is it a bug in IE? If it's a bug then is there a workaround?

Or am I wrong and it's an expected behavior?

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about cookies

Related posts about internet-explorer

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle