Of course, there are some domains where the dotcount still needs to
be at least 3. Consider www.xyzcompany.co.uk... If the cookie's
domain were set to ".co.uk", it would be applied to most commercial
sites hosted in the UK!

My opinion for what it's worth : perhaps curl shouldn't bother checking
whether a cookie's domain is too generic. Perhaps it should just make sure
the domain of the cookie matches the right-hand section of any URL to
which it might apply?

My reasoning : In a regular browser, cookies are kept around forever, and
the browser needs to be extra careful not to accept a bad one. But curl
doesn't even consider cookies unless we tell it to, and even then they're
usually very short-lived (just for one set of requests).

- Kevin

-----Original Message-----
From: Daniel Stenberg [mailto:daniel_at_haxx.se]
Sent: Monday, August 04, 2003 6:32 PM

The reason is quite simple: it does not meet the criterias made up in the
netscape cookie spec and that I made curl obey not too long ago. I realize now
that perhaps browsers don't do this careful check to skip out on domain names
with too few dots...

- if(dotcount < 3) {
+ if(dotcount < 2) {

-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
Received on 2003-08-05