2 files changed, 25 insertions, 8 deletions

diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 306195addb..5a75dd55e8 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -466,7 +466,7 @@ QByteArray QNetworkCookie::toRawForm(RawForm form) const
         }
         if (!d->path.isEmpty()) {
             result += "; path=";
-            result += QUrl::toPercentEncoding(d->path, "/");
+            result += d->path.toUtf8();
         }
     }
     return result;
@@ -954,8 +954,15 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
                     }
                     //if unparsed, ignore the attribute but not the whole cookie (RFC6265 section 5.2.2)
                 } else if (field.first == "path") {
-                    QString path = QUrl::fromPercentEncoding(field.second);
-                    cookie.setPath(path);
+                    if (field.second.startsWith('/')) {
+                        // ### we should treat cookie paths as an octet sequence internally
+                        // However RFC6265 says we should assume UTF-8 for presentation as a string
+                        cookie.setPath(QString::fromUtf8(field.second));
+                    } else {
+                        // if the path doesn't start with '/' then set the default path (RFC6265 section 5.2.4)
+                        // and also IETF test case path0030 which has valid and empty path in the same cookie
+                        cookie.setPath(QString());
+                    }
                 } else if (field.first == "secure") {
                     cookie.setSecure(true);
                 } else if (field.first == "httponly") {
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 9e5dfe0371..b4cf8ce0bf 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -140,11 +140,21 @@ void QNetworkCookieJar::setAllCookies(const QList<QNetworkCookie> &cookieList)
 
 static inline bool isParentPath(QString path, QString reference)
 {
-    if (!path.endsWith(QLatin1Char('/')))
-        path += QLatin1Char('/');
-    if (!reference.endsWith(QLatin1Char('/')))
-        reference += QLatin1Char('/');
-    return path.startsWith(reference);
+    if (path.startsWith(reference)) {
+        //The cookie-path and the request-path are identical.
+        if (path.length() == reference.length())
+            return true;
+        //The cookie-path is a prefix of the request-path, and the last
+        //character of the cookie-path is %x2F ("/").
+        if (reference.endsWith('/'))
+            return true;
+        //The cookie-path is a prefix of the request-path, and the first
+        //character of the request-path that is not included in the cookie-
+        //path is a %x2F ("/") character.
+        if (path.at(reference.length()) == '/')
+            return true;
+    }
+    return false;
 }
 
 static inline bool isParentDomain(QString domain, QString reference)