## Check setting of cookies COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value1; Path="/"; expires=%NEXTYEAR% CHECK http://w.y.z/ Cookie: some_value=value1 COOKIE ASK http://a.b.c/ Set-Cookie: some_value=value2; Path="/" CHECK http://a.b.c/ Cookie: some_value=value2 ## Check if clearing cookie jar works CLEAR COOKIES CHECK http://w.y.z/ CHECK http://a.b.c/ ## Check cookie syntax COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value with spaces CHECK http://w.y.z/ Cookie: some_value=value with spaces COOKIE ASK http://a.b.c/ Set-Cookie: some_value="quoted value" CHECK http://a.b.c/ Cookie: some_value="quoted value" # Without a = sign, the cookie gets interpreted as the value for a cookie with no name # This is what IE and Netscape does COOKIE ASK http://a.b.c/ Set-Cookie: some_value CHECK http://a.b.c/ Cookie: some_value; some_value="quoted value" COOKIE ASK http://a.b.c/ Set-Cookie: some_other_value CHECK http://a.b.c/ Cookie: some_other_value; some_value="quoted value" CLEAR COOKIES # This doesn't work with old-style netscape cookies, it should work with RFC2965 cookies COOKIE ASK http://a.b.c/ Set-Cookie: some_value="quoted value; and such" # IE & Netscape does this: CHECK http://a.b.c/ Cookie: some_value="quoted value # Mozilla does: # CHECK http://a.b.c/ Cookie: some_value="quoted value; and such" # COOKIE ASK http://a.b.c/ Set-Cookie: some_value="quoted value; # CHECK http://a.b.c/ Cookie: some_value= # Note that we parse RFC2965 cookies like Mozilla does CLEAR COOKIES ## Check if deleting cookies works COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value1; Path="/"; expires=%NEXTYEAR% CHECK http://w.y.z/ Cookie: some_value=value1 COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value1; Path="/"; expires=%LASTYEAR% CHECK http://w.y.z/ ## Check if updating cookies works COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value2; Path="/"; expires=%NEXTYEAR% COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value3; Path="/"; expires=%NEXTYEAR% CHECK http://w.y.z/ Cookie: some_value=value3 ## Check if multiple cookies work COOKIE ASK http://w.y.z/ Set-Cookie: some_value2=foobar; Path="/"; expires=%NEXTYEAR% CHECK http://w.y.z/ Cookie: some_value2=foobar; some_value=value3 COOKIE ASK http://w.y.z/ Set-Cookie: some_value=; Path="/"; expires=%LASTYEAR% CHECK http://w.y.z/ Cookie: some_value2=foobar CLEAR COOKIES ## Check if path restrictions work COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value1; Path="/Foo"; expires=%NEXTYEAR% CHECK http://w.y.z/ CHECK http://w.y.z/Foo Cookie: some_value=value1 CHECK http://w.y.z/Foo/ Cookie: some_value=value1 CHECK http://w.y.z/Foo/bar Cookie: some_value=value1 CLEAR COOKIES ## Check if default path works # RFC2965 says that we should default to the URL path, but netscape cookies default to / COOKIE ASK http://w.y.z/Foo/ Set-Cookie: some_value=value1; expires=%NEXTYEAR% CHECK http://w.y.z/ CHECK http://w.y.z/Foo Cookie: some_value=value1 CHECK http://w.y.z/FooBar CHECK http://w.y.z/Foo/ Cookie: some_value=value1 CHECK http://w.y.z/Foo/bar Cookie: some_value=value1 CLEAR COOKIES ## Check if cookies are correctly ordered based on path COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value1; Path="/Foo"; expires=%NEXTYEAR% COOKIE ASK http://w.y.z/ Set-Cookie: some_value2=value2; Path="/Foo/Bar"; expires=%NEXTYEAR% CHECK http://w.y.z/Foo/Bar Cookie: some_value2=value2; some_value=value1 COOKIE ASK http://w.y.z/ Set-Cookie: some_value3=value3; Path="/"; expires=%NEXTYEAR% CHECK http://w.y.z/Foo/Bar Cookie: some_value2=value2; some_value=value1; some_value3=value3 CLEAR COOKIES ## Check cookies with same name but different paths COOKIE ASK http://w.y.z/Foo/ Set-Cookie: some_value=value1; expires=%NEXTYEAR% COOKIE ASK http://w.y.z/Bar/ Set-Cookie: some_value=value2; expires=%NEXTYEAR% CHECK http://w.y.z/Foo/Bar Cookie: some_value=value1 CHECK http://w.y.z/Bar/Foo Cookie: some_value=value2 COOKIE ASK http://w.y.z/ Set-Cookie: some_value=value3; expires=%NEXTYEAR% CHECK http://w.y.z/Foo/Bar Cookie: some_value=value1; some_value=value3 ## Check secure cookie handling COOKIE ASK https://secure.y.z/ Set-Cookie: some_value2=value2; Path="/"; expires=%NEXTYEAR%; secure CHECK https://secure.y.z/Foo/bar Cookie: some_value2=value2 CHECK http://secure.y.z/Foo/bar CLEAR COOKIES COOKIE ASK http://secure.y.z/ Set-Cookie: some_value3=value3; Path="/"; expires=%NEXTYEAR%; secure CHECK https://secure.y.z/Foo/bar Cookie: some_value3=value3 CHECK http://secure.y.z/Foo/bar CLEAR COOKIES ## Check domain restrictions #1 COOKIE ASK http://www.acme.com/ Set-Cookie: some_value=value1; Domain=".acme.com"; expires=%NEXTYEAR% CHECK http://www.acme.com/ Cookie: some_value=value1 CHECK http://www.abc.com/ CHECK http://frop.acme.com/ Cookie: some_value=value1 CLEAR COOKIES ## Check domain restrictions #2 COOKIE ASK http://novell.com/ Set-Cookie: some_value=value1; Domain=".novell.com"; expires=%NEXTYEAR% CHECK http://novell.com/ Cookie: some_value=value1 CHECK http://www.novell.com/ Cookie: some_value=value1 CLEAR COOKIES COOKIE ASK http://novell.com/ Set-Cookie: some_value=value1; Domain="novell.com"; expires=%NEXTYEAR% CHECK http://novell.com/ Cookie: some_value=value1 CHECK http://www.novell.com/ Cookie: some_value=value1 CLEAR COOKIES ## Check domain restrictions #3 COOKIE ASK http://novell.com/ Set-Cookie: some_value=value1; expires=%NEXTYEAR% CHECK http://novell.com/ Cookie: some_value=value1 # FIXME: Allegedly IE sends cookies to sub-domains as well! # See e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=223027 CHECK http://www.novell.com/ CLEAR COOKIES ## Check domain restrictions #4 COOKIE ASK http://novell.com/ Set-Cookie: some_value=value1; Domain=".com"; expires=%NEXTYEAR% CHECK http://novell.com/ Cookie: some_value=value1 # If the specified domain is too broad, we default to host only CHECK http://www.novell.com/ CHECK http://com/ CHECK http://sun.com/ ## Check domain restrictions #5 CLEAR COOKIES COOKIE ASK http://novell.co.uk/ Set-Cookie: some_value=value1; Domain=".co.uk"; expires=%NEXTYEAR% CHECK http://novell.co.uk/ Cookie: some_value=value1 # If the specified domain is too broad, we default to host only CHECK http://www.novell.co.uk/ CHECK http://co.uk/ CHECK http://sun.co.uk/ COOKIE ASK http://x.y.z.foobar.com/ Set-Cookie: set_by=x.y.z.foobar.com; Domain=".foobar.com"; expires=%NEXTYEAR% CHECK http://x.y.z.foobar.com/ Cookie: set_by=x.y.z.foobar.com CHECK http://y.z.foobar.com/ Cookie: set_by=x.y.z.foobar.com CHECK http://z.foobar.com/ Cookie: set_by=x.y.z.foobar.com CHECK http://www.foobar.com/ Cookie: set_by=x.y.z.foobar.com CHECK http://foobar.com/ Cookie: set_by=x.y.z.foobar.com CLEAR COOKIES ## Check domain restrictions #6 COOKIE ASK http://x.y.z.frop.com/ Set-Cookie: set_by=x.y.z.frop.com; Domain=".foobar.com"; expires=%NEXTYEAR% COOKIE ASK http://x.y.z.frop.com/ Set-Cookie: set_by2=x.y.z.frop.com; Domain=".com"; expires=%NEXTYEAR% CHECK http://x.y.z.foobar.com/ CHECK http://y.z.foobar.com/ CHECK http://z.foobar.com/ CHECK http://www.foobar.com/ CHECK http://foobar.com/ CLEAR COOKIES ## Check domain restrictions #7 COOKIE ASK http://frop.com/ Set-Cookie: set_by=x.y.z.frop.com; Domain=".foobar.com"; expires=%NEXTYEAR% COOKIE ASK http://frop.com/ Set-Cookie: set_by2=x.y.z.frop.com; Domain=".com"; expires=%NEXTYEAR% CHECK http://x.y.z.foobar.com/ CHECK http://y.z.foobar.com/ CHECK http://z.foobar.com/ CHECK http://www.foobar.com/ CHECK http://foobar.com/ CLEAR COOKIES ## Check domain restrictions #8 CONFIG AcceptSessionCookies true COOKIE ACCEPT http://www.foobar.com Set-Cookie: from=foobar.com; domain=bar.com; Path="/" CHECK http://bar.com CLEAR COOKIES ## Check cookies with IP address hostnames COOKIE ASK http://192.168.0.1 Set-Cookie: name1=value1; Path="/"; expires=%NEXTYEAR% COOKIE ASK http://192.168.0.1 Set-Cookie: name11=value11; domain="test.local"; Path="/"; expires=%NEXTYEAR% COOKIE ASK http://192.168.0.1:8080 Set-Cookie: name2=value2; Path="/"; expires=%NEXTYEAR% COOKIE ASK https://192.168.0.1 Set-Cookie: name3=value3; Path="/"; expires=%NEXTYEAR%; secure CHECK http://192.168.0.1 Cookie: name11=value11; name1=value1 CHECK http://192.168.0.1:8080 Cookie: name2=value2 CHECK https://192.168.0.1 Cookie: name3=value3; name11=value11; name1=value1 CHECK http://192.168.0.10 CHECK http://192.168.0