Friday, 7 June 2013

Cookies and localhost

I really hate it when I can't understand something, it hurts me and makes my mood harsher than usual. It's been a long while since I came to the realization that I'm not a particularly brilliant person, so I don't aspire to understanding Quantum Physics... but I really can't bear it when things that I consider to be within my intellectual realm decide to elude me. Today has been one of those days...

The thing was quite simple, I had a Web Application (well, sort of... the real thing is a bit more complicated) that was creating and sending a cookie to the client (sort of an AuthId that would allow us to identify the user as already authenticated). I could watch with Firebug or the Chrome Dev Tools how the server was sending a Set-Cookie Response Header, but the ensuing Requests would not send such cookie (in a Cookie request header). After carefully verifying that I was correctly setting the Domain, Expires and Path value of the cookie I thought it could be something due to the fact that the Response setting the cookie included a Redirection Status Code (307). Some googling didn't bring up any significant findings in that sense... so I ended up redesigning the thing to avoid the need for cookies. Anyway, the pain of not being able to make work an apparently so trivial solution kept shooting me inside (mainly because these things tend to lead me to think that same as I was wrong with this, I could be wrong with other related items). So, all of a sudden something sprang to mind, "could it be something with cookies and localhost!?"

And yes it was. To my astonishment I found this discussion stating:

by design domain names must have at least two dots otherwise browser will say they are invalid (see reference on http://curl.haxx.se/rfc/cookie_spec.html)

when working on localhost (!) the cookie-domain must be set to "" or NULL or FALSE instead of "localhost"

The solution is completely correct, setting Domain to null makes the whole thing work nicely and lets my self esteem return to its normal levels (not much high, but enough to get by...) but the thing leaves me wondering about the use of this odd "localhost" behavior.

2 comments:

  1. Hi Xose, I was glacing your blog. It's nice to see how you take your time to post your discoverings.

    I will follow it since now.

    Thanks

    ReplyDelete
  2. Hi there.

    Thanks, it's nice to hear that.

    ReplyDelete