curl-users
Re: Bugs with cookies
Date: Wed, 27 Feb 2002 22:58:14 +0400
Hi Daniel,
At 11:34 26-02-2002 +0100, Daniel Stenberg wrote:
>Let's call this problem A.
>
>I think we might have a cookie recording problem here. If we first receive a
>cookie named NAME for domain 'loonie.domain.boo' and then later receive
>another cookie line with NAME for domain 'domain.boo' (cutting off parts of
>the previous domain) this second cookie will be stored as a different one due
>to the different domain property. But I figure they should actually be
>treated as the same. (Cookies are a tricky business due to the lack of
>standards, or rather due to the lack of sites following the actual
>standards.)
Interesting question. :) 'loonie.domain.boo' can be considered as a cookie
for a specified host whereas 'domain.boo' applies to the whole domain. If
we have cookies for each of those, we should use the cookie that matches
the host. We should treat these cookies as separate entities.
I have seen some servers that send an incorrect entry for the domain part.
the domain part _should_ be '.domain.boo' or '.domain.boo.se' if it is a
ccTLD. The question is what to do with cookies such as 'domain.boo'. Given
that the do not follow the specifications, should cURL reject them?
Regards,
-sm
Received on 2002-02-27