http.cookiejar: Incorrect validation of path

Cookies of with path=/any were sent to while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. The code did not check for the first non-matching character in prefix match to be a slash.


  • Disclosure date: 2019-01-03 (Python issue bpo-35647 reported)

Fixed In

Python issue

Cookie path check returns incorrect results.

  • Python issue: bpo-35647
  • Creation date: 2019-01-03
  • Reporter: Karthikeyan Singaravelan


Timeline using the disclosure date 2019-01-03 as reference: