Author cito
Recipients ajaksu2, cito, jjlee, karlcow, mmelin, sonderblade, valankar
Date 2021-01-21.15:12:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
This patch should really be included.

As carl already mentioned, the relevant spec is RFC 6265, see section 5.4.2: "The user agent SHOULD sort the cookie-list in the following order: Cookies with longer paths are listed before cookies with shorter paths. Among cookies that have equal-length path fields, cookies with earlier creation-times are listed before cookies with later creation-times."

Currently, if the cookies are loaded with cookies.load(env['HTTP_COOKIE']) as most web frameworks do, then the cookies will be populated with the least specific or oldest values if there are duplicates. This is really bad.
Date User Action Args
2021-01-21 15:12:28citosetrecipients: + cito, jjlee, sonderblade, valankar, ajaksu2, karlcow, mmelin
2021-01-21 15:12:28citosetmessageid: <>
2021-01-21 15:12:28citolinkissue1375011 messages
2021-01-21 15:12:28citocreate