http.cookiejar: Incorrect validation of path

Cookies of example.com with path=/any were sent to example.com/anybad/ while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. The code did not check for the first non-matching character in prefix match to be a slash.

  • Disclosure date: 2019-01-03 (Python issue bpo-35647 reported)

Fixed In

Python issue

Cookie path check returns incorrect results.

  • Python issue: bpo-35647
  • Creation date: 2019-01-03
  • Reporter: Karthikeyan Singaravelan

Timeline

Timeline using the disclosure date 2019-01-03 as reference: