Author cito
Recipients ajaksu2, cito, jjlee, karlcow, mmelin, sonderblade, valankar
Date 2021-01-21.15:12:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1611241948.49.0.430154870525.issue1375011@roundup.psfhosted.org>
In-reply-to
Content
This patch should really be included.

As carl already mentioned, the relevant spec is RFC 6265, see section 5.4.2: "The user agent SHOULD sort the cookie-list in the following order: Cookies with longer paths are listed before cookies with shorter paths. Among cookies that have equal-length path fields, cookies with earlier creation-times are listed before cookies with later creation-times."

Currently, if the cookies are loaded with cookies.load(env['HTTP_COOKIE']) as most web frameworks do, then the cookies will be populated with the least specific or oldest values if there are duplicates. This is really bad.
History
Date User Action Args
2021-01-21 15:12:28citosetrecipients: + cito, jjlee, sonderblade, valankar, ajaksu2, karlcow, mmelin
2021-01-21 15:12:28citosetmessageid: <1611241948.49.0.430154870525.issue1375011@roundup.psfhosted.org>
2021-01-21 15:12:28citolinkissue1375011 messages
2021-01-21 15:12:28citocreate