logo

Blog

I ran my own blog from November 2006 till October 2014. All posts are still online, but I don't have time to update it anymore. Please note that all images and media files have been removed when the backup was moved to a new host in early 2016. Enjoy!

MacOS X 10.6.5 localhost Cookie problems

15. november 2010

After updating my laptop to MacOS X 10.6.5 I noticed that I can no longer login to my test system as cookies no longer work when using the localhost IP address (127.0.0.1). 

Not a big problem as you'll simply have to go with the hostname (something.local) but nevertheless a bit disturbing at the first moment. I guess it's caused by the following element of the 10.6.5 update:

CFNetwork - CVE-ID: CVE-2010-1834 - Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites - Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue by through improved validation of domains specified in cookies.

Can be found here: support.apple.com/kb/HT4435

I guess I'll have to get used to it...