[wp-trac] Re: [WordPress Trac] #5076: Cookie testing prevents login

WordPress Trac wp-trac at lists.automattic.com
Tue Sep 25 20:37:02 GMT 2007


#5076: Cookie testing prevents login
--------------------------+-------------------------------------------------
 Reporter:  ryan          |        Owner:  anonymous
     Type:  defect        |       Status:  new      
 Priority:  normal        |    Milestone:  2.3.1    
Component:  General       |      Version:  2.3      
 Severity:  normal        |   Resolution:           
 Keywords:  login cookie  |  
--------------------------+-------------------------------------------------
Comment (by westi):

 Some notes:

 Original reporter on wp-testers has 3 blogs on same domain on same host (2
 work - 1 doesn't)

 There is a limit on the number of cookies per domain based on RFC2109:


    6.3  Implementation Limits

    Practical user agent implementations have limits on the number and
    size of cookies that they can store.  In general, user agents' cookie
    support should have no fixed limits.  They should strive to store as
    many frequently-used cookies as possible.  Furthermore, general-use
    user agents should provide each of the following minimum capabilities
    individually, although not necessarily simultaneously:

       * at least 300 cookies

       * at least 4096 bytes per cookie (as measured by the size of the
         characters that comprise the cookie non-terminal in the syntax
         description of the Set-Cookie header)

       * at least 20 cookies per unique host or domain name

    User agents created for specific purposes or for limited-capacity
    devices should provide at least 20 cookies of 4096 bytes, to ensure
    that the user can interact with a session-based origin server.

    The information in a Set-Cookie response header must be retained in
    its entirety.  If for some reason there is inadequate space to store
    the cookie, it must be discarded, not truncated.

    Applications should use as few and as small cookies as possible, and
    they should cope gracefully with the loss of a cookie.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5076#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
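
A check built on the RFC 2109 limits quoted in the comment above: it counts the cookies that fall under one host or domain and flags any beyond the 20-per-host and 4096-byte minimums a user agent is required to support. This is an added example, not code from the ticket or from WordPress; the cookie names, example.org and the default path of "/" are assumptions made for illustration.

```python
from collections import defaultdict

# Minimums from RFC 2109 section 6.3, as quoted in the comment above.
MIN_COOKIES_PER_HOST = 20
MIN_BYTES_PER_COOKIE = 4096


def parse_set_cookie(header, request_host):
    """Return (scope, (name, path), size_in_bytes) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Simplification: default path is taken as "/" rather than the request path.
    scope, path = request_host.lower(), "/"
    for attr in parts[1:]:
        key, _, value = (s.strip() for s in attr.partition("="))
        if key.lower() == "domain" and value:
            scope = value.lstrip(".").lower()
        elif key.lower() == "path" and value:
            path = value
    return scope, (name, path), len(header.encode("utf-8"))


def audit(responses):
    """responses: iterable of (request_host, set_cookie_value) pairs."""
    jar = defaultdict(dict)  # scope -> {(name, path): size}; a repeat overwrites
    for host, header in responses:
        scope, key, size = parse_set_cookie(header, host)
        jar[scope][key] = size
    report = {}
    for scope, cookies in jar.items():
        report[scope] = {
            "count": len(cookies),
            "over_count": max(0, len(cookies) - MIN_COOKIES_PER_HOST),
            "oversized": sorted(n for (n, _), s in cookies.items()
                                if s > MIN_BYTES_PER_COOKIE),
        }
    return report


def constructed_sample():
    """Constructed input: three blogs on one host, eight cookies each."""
    rows = [("example.org", f"{blog}_c{i}=v; path=/{blog}/")
            for blog in ("blog1", "blog2", "blog3") for i in range(8)]
    rows.append(("example.org", "big=" + "x" * 5000 + "; path=/"))
    return rows


if __name__ == "__main__":
    print(audit(constructed_sample()))
```

A non-zero over_count means the host relies on more cookies than a conforming user agent is guaranteed to keep; a given browser may store more.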