cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: Cookie ignored !(?)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 5 Aug 2003 14:25:31 +0200 (CEST)

On Tue, 5 Aug 2003, Roth, Kevin P. wrote:

> Of course, there are some domains where the dotcount still needs to be at
> least 3. Consider www.xyzcompany.co.uk... If the cookie's domain were set to
> ".co.uk", it would be applied to most commercial sites hosted in the UK!

Yeah. I guess it was for domains such as this they came up with the dotcount
idea once upon the time. For many other domains (such as the previously
described .se) it just doesn't make sense.

> My opinion for what it's worth : perhaps curl shouldn't bother checking
> whether a cookie's domain is too generic. Perhaps it should just make sure
> the domain of the cookie matches the right-hand section of any URL to which
> it might apply?

curl already does that tailmatch check. The reason I added the dotcount check
is that I found some sites that tried to detect level of cookie-support in the
client by setting all kinds of cookies and then checking what kind of cookies
it got back. That made me study the specs and follow them a bit more strict
that previously. As seen here, it bounced back in my face.

So, the current dotcount check in curl (after this bugfix) will only prevent
cookies to get set on the pure toplevel domain, like ".com" or ".uk". I'd say
that is a safe assumption.

-- 
 Daniel Stenberg -- curl: been grokking URLs since 1998
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
Received on 2003-08-05