[Webkit-unassigned] [Bug 57139] New: Websocket cookies should be locked in when creating websocket

Fri Mar 25 21:34:39 PDT 2011

https://bugs.webkit.org/show_bug.cgi?id=57139

           Summary: Websocket cookies should be locked in when creating
                    websocket
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jmason at rim.com
                CC: ap at webkit.org, ukai at chromium.org

Conceptually a websocket is opened when the WebSocket object is created in Javascript.  However, behind the scenes the handshake data is not actually sent until the socket has been set up, asynchronously.  So if a document creates a websocket and then immediately updates the cookie, the cookie that is sent is the one that is current at the point the handshake is sent.  This is a race condition.  The cookie should be saved when the WebSocket constructor is executed, and the saved cookie sent with the handshake.

(I noticed this when running the cookie-001 test from the Opera test suite: http://testsuites.opera.com/websockets/)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.