curl-library
Re: curl 7.10.4: .www.example.net cookies not used with www.example.net
Date: Fri, 21 May 2004 14:01:48 +0200
Daniel Stenberg:
> Please, let's take this discussion on the curl-library mailing list
> instead!
Done.
> I really don't understand how this can be a problem. Can you please
> provide an example source code (or possibly curl tool command line)
> that shows 7.11.2 having this problem?
Yes. Please, see below.
> > The patch that seems to make it go away follows.
> That patch should not be needed. It would indicate a problem in
> previous code.
It seems that it is needed. But, then I might be doing something wrong ;-)
Here is a log of what happens when curl is asked to post some
data to z.x.com:
+ curl -o /tmp/xabc_b99s97 --dump-header - --verbose --cacert
/tmp/xabc_b99s97.2 --cookie /tmp/xabc_b99s97.1 --cookie-jar
/tmp/xabc_b99s97.1 -d sUserId=x -d sPassword=x -d aLocale=en_US
'https://z.x.com/a/aLogon?aLocale=en_US'
* About to connect() to z.x.com port 443
* Connected to z.x.com (1.2.3.4) port 443
* successfully set certificate verify locations:
* CAfile: /tmp/xabc_b99s97.2
CApath: none
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject: /C=US/ST=.../OU=.../CN=Z.X.COM
* start date: 2003-01-14 00:00:00 GMT
* expire date: 2004-01-27 23:59:59 GMT
* common name: Z.X.COM (matched)
* issuer: /O=.../OU=...
* SSL certificate verify ok.
> POST /a/aLogon?aLocale=en_US HTTP/1.1
User-Agent: Netscape Communicator/5.2
Host: z.x.com
Pragma: no-cache
Accept: */*
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
sUserId=x&sPassword=x&aLocale=en_US
< Date: Fri, 21 May 2004 10:48:42 GMT
< Server: IBM_HTTP_SERVER/1.2.3 Apache/1.2.3 (Unix)
* Added cookie JSESSIONID="01234567890" for domain z.x.com, path /,
expire 0
< Set-Cookie: JSESSIONID=01234567890;Path=/
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
* Added cookie XToken="xt" for domain z.x.com, path /, expire 0
The unpatched 7.11.2 curl will barf here:
skipped cookie with bad tailmatch domain: .z.x.com
and the XToken cookie will not be saved in the cookie-jar file.
My patched version will continue as can be seen below.
< Set-Cookie: XToken=xt;Domain=.z.x.com;Path=/
< Pragma: No-cache
< Content-Type: text/html;charset=UTF-8
< Content-Language: en
< X-Cache: MISS from z.x.com
< Transfer-Encoding: chunked
Received on 2004-05-21