Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cookie engine enabled without asked to #4429

Closed
bagder opened this issue Sep 26, 2019 · 2 comments
Closed

cookie engine enabled without asked to #4429

bagder opened this issue Sep 26, 2019 · 2 comments
Labels
cmdline tool cookies HTTP regression

Comments

@bagder
Copy link
Member

bagder commented Sep 26, 2019
edited

I did this

curl $URL $URL

... where the $URL sets a cookie.

I expected the following

No cookie would be sent in the second request, but it actually is!

This is likely to be a regression from 7.66.0 when this is using the share interface as compared to how things worked before.

curl/libcurl version

7.66.0

operating system

Any
@bagder bagder mentioned this issue Sep 27, 2019
Closed
@jay
Copy link
Member

jay commented Sep 27, 2019

bisected to b889408 curl: support parallel transfers
cookie engine is enabled for both transfers
from master:

curl/src/tool_operate.c

Lines 2294 to 2298 in 9cd755e

curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_DNS);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_PSL);

curl/lib/share.c

Lines 78 to 88 in 9cd755e

case CURL_LOCK_DATA_COOKIE:
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
if(!share->cookies) {
share->cookies = Curl_cookie_init(NULL, NULL, NULL, TRUE);
if(!share->cookies)
res = CURLSHE_NOMEM;
}
#else /* CURL_DISABLE_HTTP */
res = CURLSHE_NOT_BUILT_IN;
#endif
break;

@bagder
Copy link
Member Author

bagder commented Sep 27, 2019

Yes exactly. But I think it is an API problem/misbehavior that this curl change brought into light, so that is where I've done my fix for this in #4434 .

bagder added a commit that referenced this issue Sep 27, 2019
@bagder
cookies: using a share with cookies shouldn't enable the cookie engine
033f321 
The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.

This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.

Test 1166 verifies

Updated test 506

Fixes #4429
Closes #4434
@bagder bagder closed this as completed in d0a7ee3 Sep 28, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Dec 27, 2019
@bagder bagder added the cookies label Nov 17, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
cmdline tool cookies HTTP regression
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

cookies: using a share with cookies doesn't enable the cookie engine curl/curl
2 participants
@bagder @jay