curl-library
cookie domains; curl vs mozilla
Date: Fri, 11 Apr 2003 17:17:08 +0200 (CEST)
Hi
I've done some experienting with how cookies are treated by Mozilla the
browser. It all started with me noticing differences in how curl sends back
cookies compared with how Mozilla behaves. As you might know, cookies is a
gray area as no one follows any recent standards but instead all just build
upon their own interepretations of the ancient original netscape document for
how cookies are supposed to work.
Here's a summary of my findings on what Mozilla does depending on the domain
contents of the incoming Set-Cookie: header:
1. Incoming set domain => foobar.com
Mozilla prepends a dot when the domain name is saved in the cookie file,
and considers this cookie for all host names that end with "foobar.com".
2. Incoming set domain => .foobar.com
Mozilla saves the name like this in the cookie file, and considers this
cookie for all host names that end with "foobar.com".
3. If no domain was set, but we speak with 'www.foobar.com'
Mozilla saves the cookie for domain 'www.foobar.com' and only considers
the cookie for that particular host.
Does anyone have anything to object or comment on this behavior? I think it
would make sense to make libcurl work as similar as possible... libcurl
differs in the first case, where it doesn't prepend any dot, and in the third
case since libcurl always suffix-check the domain name against the host it
talks to.
-- Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs. ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.comReceived on 2003-04-11