Secure cookie inconsistencies
I tried to secure (javascript) cookies with poor success. I made three rule sets with different target host attributes to test https://www.fortum.com. I was expecting that cookies were secured in all of these tests. Not sure if test case 1 is a defect or intended behaviour but at least Chrome is acting strange.
Here are the results:
FIREFOX
Test 1)
<target host="www.fortum.com">
<target host="fortum.com">
Cookies:
Host: www.fortum.com Name: Sitester_Nth1328 [Secured]
Domain: .fortum.com Name: __utma [Not secured]
Test 2)
<target host="*.fortum.com">
<target host="fortum.com">
Cookies:
Host: www.fortum.com Name: Sitester_Nth1328 [Secured]
Domain: .fortum.com Name: __utma [Secured]
Test 3 )
<target host=".fortum.com"> # validation error but works as a local rule
<target host="fortum.com">
<target host="www.fortum.com">
Cookies:
Host: www.fortum.com Name: Sitester_Nth1328 [Secured]
Domain: .fortum.com Name: __utma [Secured]
CHROME
Test 4)
<target host="www.fortum.com">
<target host="fortum.com">
Cookies:
Domain: www.fortum.com Name: Sitester_nth1382 [Not secured]
Domain: .www.fortum.com Name: Sitester_nth1382 [Secured]
Domain: .fortum Name: __utma [Not secured]
Test 5)
<target host="*.fortum.com">
<target host="fortum.com">
Cookies:
Domain: www.fortum.com Name: Sitester_nth1382 [Not secured]
Domain: .www.fortum.com Name: Sitester_nth1382 [Secured]
Domain: .fortum Name: __utma [Not secured]
Trac:
Username: mikkoharhanen