cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: cookie jar bugs [PATCH]

From: Roth, Kevin P. <KPRoth_at_MarathonOil.com>
Date: Thu, 27 Sep 2001 13:46:04 -0400

>- If the cookies are read from a file with stored headers, curl will
treat
> those cookies internally as "matching any domain".

I'm assuming this choice is because the stored headers don't contain the
host name? This seems reasonable.

>- Domain-less cookies read from a server will be treated as if the
domain is
> the same as the sending host name. This is what the standards tell us
to do.
> This prevents the cookie from becoming 'domain-less' internally.

Great.

>- When writing domain-less cookies to a cookiejar file, libcurl now
stores
> them with the domain 'unknown' which effectively will prevent them
from
> being used in any subsequent requests. If you have suggestions on
other
> treatments, please speak up.

I don't like this. Is there any particular why you wouldn't simply
record the host-name as the cookie's domain (instead of 'unknown') when
writing to a cookie-jar file? I would assume this is how netscape does
things... It appears that MSIE 5 makes this assumption (if domain isn't
specified it belongs to the hostname) and that MSIE actually records the
"assumed domain" as part of its cookie-jar file.

Or, did you mean to say that the 'unknown' is going to be applied when
writing cookies to a cookie-jar that were read from a stored-headers
file? In this case, it makes sense to do what you've done above. It may
also make sense to simply NOT write the cookie into the cookie-jar (if
it won't be usable again, why bother?)

--Kevin
Received on 2001-09-27