cURL / Mailing Lists / curl-users / Single Mail


RE: Passing cookies during session

From: Lara Bordick <>
Date: Tue, 22 Jan 2002 15:49:13 -0600

I am attaching the standard output from running the single command:
curl -v -i -b cookies --cert my_cert.pem:password -L -O

I still do not see any Set-Cookie lines in this output. I am not sure if I
am doing something wrong when I execute the command.

When I run the command curl -v -i -D cookies --cert my_cert.pem:password -L I see that the server is definitely
setting the cookies with the domain =

Please let me know if you would like to see any output from further testing.

-----Original Message-----
From: Daniel Stenberg []
Sent: Saturday, January 19, 2002 5:02 AM
To: Lara Bordick
Cc: 'Curl Mailinglist'
Subject: RE: Passing cookies during session

On Fri, 18 Jan 2002, Lara Bordick wrote:

Thanks for all details. They'll help us sort this out.

> What appears to be happening on the server side is in case #2 when I use
> curl in 1 step:
> -curl is invoked requesting access to a file on the dataserver
> - the client certificate is presented to the dataserver
> - no SSLCRED or SMSESSION cookies are presented so the dataserver
> to the validation server
> - the connection goes to the validation server and presents the client
> certificate
> - the validation server generates an SSLCRED cookie and redirects back to
> the file request of the dataserver
> - the logs on the dataserver show that the client does not present a valid
> SSLCRED or SMSESSION cookie at this point

This command seems to have been invoked without -i, which then doesn't show
us any response-headers from the servers...

This cookie genereated by the validation server, that is sent back to curl
together twith the redirect back to the file, how does that single header
line look like? (I identified and corrected a case where curl didn't parse a
cookie properly just last week, this *could* be a similar case.)

If I understand correctly, this cookie named "SSLCRED" is what curl should
provide to the server in order to get the file properly.

> Is it possible that curl is not passing the SSLCRED cookie to
> because it was defined by

Hm. That might be the problem, yes. It depends on what the cookie header
looked like. Didn't it specify "domain" at all perhaps? If it didn't, then I
think this may be the problem.

I think I've identified an internal problem with cookies without domain
specified, as then it uses the current host name as default, which I am not
so sure is the correct way to behave.

That feature was added to allow the cookies to get stored properly in a
cookie jar (using -c) but perhaps that default domain should only be used
when saving...

    Daniel Stenberg -- curl groks URLs --

Received on 2002-01-22