Spambait wrote:

> I posted on the mailing list in March about a cookie problem -- the issue
> was not solely with the space, but with the trailing semi-colon as well
>
> Eg: Cookie: name=value; name=value;
> ^-- BAD!
>
> Without the trailing semicolon, it is possible to use multiple cookies
> against IIS4.0.

It seems utterly silly to implement a server that can't deal with this, but as
it clearly seems as if at least one major company has, I had to study the
cookie documents (again).

The fact is that Netscape's "cookie specification" isn't at all that clear
about this and the RFC 2109 (that no browser follows) more or less agrees with
the IIS interpretation. At least my interpretation says that IIS isn't
violating any of those two documents.

So, what would you fellows say about this patch:

*** http.c.org Wed Apr 26 08:06:27 2000
--- http.c Wed Apr 26 08:07:23 2000
***************
*** 234,242 ****
              sendf(data->firstsocket, data,
                    "Cookie:");
            }
- count++;
            sendf(data->firstsocket, data,
! " %s=%s;", co->name, co->value);
          }
          co = co->next; /* next cookie please */
        }
--- 234,242 ----
              sendf(data->firstsocket, data,
                    "Cookie:");
            }
            sendf(data->firstsocket, data,
! "%s%s=%s", count?"; ":"", co->name, co->value);
! count++;
          }
          co = co->next; /* next cookie please */
        }

--
 Daniel Stenberg, Software Developer
 Daniel.Stenberg_at_haxx.nu, +46-705-443177, www.contactor.se/~dast
 Swedish geeks unite: http://www.haxx.nu/home/