Good catch. This is something the extensive cookiejar test cases did not account for because it requires saving cookies and restarting the cookiejar. The test cases never anticipated that ; so I will have to add a test case for this and backport the fix into the 4.10 branch.

 

Actually that statement is not correct. The "reject cross domain" cookies functionality is not affected by this bug at all. What is affected is far worse and only happens if kded (and hence kcookiejar) is shutdown and restarted. When the cookiejar restarts it reloads your saved cookies from a file. Unfortunately it does not explicitly initialize the cross domain flag to false. As a result, all of your saved cookies will be loaded with their cross domain flag set arbitrarily. In your case it seems to be 127. That means none of your saved cookies will work (they will be rejected as cross domain) and you won't be automatically logged into the sites. Depending on your cookie policy settings that is either the correct thing or a bug as is the case here.

The problem is further compounded by the fact that not everyone sees this issue. On my system (gcc 4.7.2), uninitialized boolean variable seems to always be set to false even when compiled with the optimization on. Hence, I have never been able to reproduce the regression this mistake causes (see https://bugs.kde.org/show_bug.cgi?id=307832).

Anyhow, thanks for debugging and fixing this.