curl-users
Re: Bugs with cookies
Date: Wed, 27 Feb 2002 09:25:03 -0800
Just a follow-up on this -- the original URL I posted having a problem with
was an SSL "POST" form ... I was writing out the response headers from that
request, and then building cookies from that header dump.
Since Daniel just posted this in another thread:
> 7.9.4 has a SSL read bug that will make it unreliable for SSL downloads. You
> should get a 7.9.5 pre-release instead, as it will work better.
Could that have something to do with the problems I experienced?
As I mentioned, I did a test with the EXACT same "set-cookie" headers on
Apache with a NON-SSL page, and there were no problems whatsoever. Could it
be that the headers which are "downloaded" from the SSL server response are
unreliable as well due to this SSL read bug?
-Clay
___________________________
Clay Loveless
Webmaster, Crawlspace
http://www.crawlspace.com/
> From: Daniel Stenberg <daniel_at_haxx.se>
> Reply-To: curl_at_contactor.se
> Date: Wed, 27 Feb 2002 00:13:53 +0100 (MET)
> To: Curl Mailinglist <curl_at_contactor.se>
> Subject: Re: Bugs with cookies
>
> On Tue, 26 Feb 2002, Clay Loveless wrote:
>
>> The behavior is consistant when reading cookies back from an SSL post to an
>> AOL server running Netscape-Enterprise/4.1. I haven't been able to
>> re-create the problems when running on my Apache/PHP setup.
>
> Well, cookies are usually controlled by the script/application/program that
> runs on the server rather than the server software itself.
>
> That's also why they sometimes are abused to terribly.
>
>> Maybe this is a false alarm ... Or perhaps something so obscure that it's
>> not likely to be a problem for anyone else.
>
> I thought I was rather clear in my previous mails, but let me repeat myself a
> bit: one of your problems have been fixed (the way I suggested in my first
> reply), one of them I'm not quite sure what the correct treatment is and I
> was hoping for someone to comment on that and one of them I couldn't repeat.
>
> The cookie parser is not ancient old rock solid code. Heck, when I tried a
> few tests on it after your first mail, I had it crash on me. So I added test
> case 31, I fixed the crash and a few other minor things in the parser.
>
>> At any rate, the app I'm building needs to deal with the inconsistencies
>> I'm seeing in this particular environment, and doesn't need to be portable
>> ... So, I guess I'll start hacking away.
>
> It would help if you would record what your browser does and then tell us
> what curl does, and what changes in behavior you think we should make.
>
> Of course, if you would fix the problem and post a patch I'll be very
> grateful too! ;-)
>
>> As I continue on with this project, I'll keep the list posted if I come
>> across anything that clarifies these issues further.
>
> Please do. Fixing bugs is always the top priority on my list of things to do
> in curl.
>
> Good luck!
>
> --
> Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/
>
Received on 2002-02-27