This repository has been archived by the owner on Apr 12, 2024. It is now read-only.
$browser.cookies reads the wrong cookie value when there are multiple values for a cookie #2635
Assignees
Comments
ghost
assigned
chirayuk
added a commit
to chirayuk/angular.js
that referenced
this issue
May 12, 2013
With this change, $browser.cookies()["foo"] will behave like
docCookies.getItem("foo") where docCookies is defined at
https://developer.mozilla.org/en-US/docs/DOM/document.cookie
This fixes the issue where, if there's a value for the XSRF-TOKEN cookie
value with the path /, then that value is used for all applications in
the domain even if they set path specific values for XSRF-TOKEN.
Closes angular#2635
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Consider the case where a cookie,
foohas the valuer_valueat the root path/, and another value, say,p_valueat a subpath/path.document.cookiewill contains both values for the cooke for an application served under the/foopath. The value for the more specific path,/foo, will appear first in the list and the other less specific value will appear later.angular currently uses the last seen value of the cookie but should use the first value. The becomes a bigger issue when coupled with the automatic XSRF protection that's provided in conjunction with the
XSRF-TOKENcookie. Currently, if a value for this cookie is set on the root path, then that value is always used for applications at any other path.I'm working on a fix.
The text was updated successfully, but these errors were encountered: