cURL / Mailing Lists / curl-users / Single Mail

curl-users

Cookies and Sub-Domains

From: Nonsanity <nonsanity_at_gmail.com>
Date: Sun, 26 Dec 2004 02:20:27 -0500

In trying to get curl to log me into a website then download internal
pages, I think I found a possible bug with the cookie parser. It might
be considered that curl does it right and every other browser does it
wrong, but either way, I thought I'd mention it here...

The site in question used to be "www.domain.com" but it was since
changed to just "domain.com" with a automatic forwarding to the new
URL if you link to the old one. The cookies that store the session id
information once you log into the site are sill set to ".domain.com"
however instead of "domain.com" without the leading dot.

In ever browser I've tried, this works fine. The dot-prefixed cookie
domain is matched to the sub-domain-less URL.

But in curl, there is no match. I ended up having to strip the leading
dots out of the cookie file between the login curl command and the
download curl command.

If curl allowed a match between URL "domain.com" and cookie
".domain.com" then the behavior of other browsers would be imitated
exactly.

 ~ Nonsanity
Received on 2004-12-26