On Wed, 26 Sep 2001, Daniel Stenberg wrote:

> This is indeed not working as expected. Working on it right now.
>
> It might work better if you set 'domain' in the cookie line.

Received cookies that didn't set the 'domain' property in the header field
got treated badly. The attached fix seems to correct the most obvious
problems. Of course I'm interesting in feedback on this...

I've also written a test case (number 46) for this, available in CVS.

Domain-less cookies are tricky business and libcurl now takes precautions to
work with them:

- If the cookies are read from a file with stored headers, curl will treat
  those cookies internally as "matching any domain".

- Domain-less cookies read from a server will be treated as if the domain is
  the same as the sending host name. This is what the standards tell us to do.
  This prevents the cookie from becoming 'domain-less' internally.

- When writing domain-less cookies to a cookiejar file, libcurl now stores
  them with the domain 'unknown' which effectively will prevent them from
  being used in any subsequent requests. If you have suggestions on other
  treatments, please speak up.

- Cookies read from a 'cookie jar' (netscape cookie) file can't be
  domain-less.

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/