[tor-bugs] #14059 [Tor Browser]: Revision of existing double key cookie logic to meet requirements
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 4 13:31:35 UTC 2015
#14059: Revision of existing double key cookie logic to meet requirements
-----------------------------+----------------------------------
Reporter: michael | Owner: michael
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: TorBrowserTeam201501
Actual Points: | Parent ID: #3246
Points: |
-----------------------------+----------------------------------
Comment (by michael):
Replying to [comment:4 myself]:
> '''Question:''' Do we want to limit requirements to session cookies?
> '''Background:''' The TB ignores expiry (and other?) HTTP cookie
parameters.
>
'''Errata:''' Actually, the TB is [http://www.ietf.org/rfc/rfc6265.txt RFC
6265] compliant, but the ''Expires'' attribute is ignored unless
''network.cookie.lifetimePolicy'' is changed from its default value (2 ==
ignore persistence.)
'''Answer:''' Probably yes, leaving this corner case unattended could
cause subtle problems in runtime or increase maintenance costs.
>
> '''Question:''' Are Mozilla requirements applicable (for backporting to
Firefox ESR?)
> '''Answer:''' <yes/no?>
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14059#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list