cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: curl 7.10.4: .www.example.net cookies not used with www.example.net

From: <p6ln9z302_at_sneakemail.com>
Date: Fri, 21 May 2004 14:01:48 +0200

Daniel Stenberg:
> Please, let's take this discussion on the curl-library mailing list
> instead!
Done.

> I really don't understand how this can be a problem. Can you please
> provide an example source code (or possibly curl tool command line)
> that shows 7.11.2 having this problem?
Yes. Please, see below.

> > The patch that seems to make it go away follows.
> That patch should not be needed. It would indicate a problem in
> previous code.
It seems that it is needed. But, then I might be doing something wrong ;-)

Here is a log of what happens when curl is asked to post some
data to z.x.com:

    + curl -o /tmp/xabc_b99s97 --dump-header - --verbose --cacert
    /tmp/xabc_b99s97.2 --cookie /tmp/xabc_b99s97.1 --cookie-jar
    /tmp/xabc_b99s97.1 -d sUserId=x -d sPassword=x -d aLocale=en_US
    'https://z.x.com/a/aLogon?aLocale=en_US'

    * About to connect() to z.x.com port 443
    * Connected to z.x.com (1.2.3.4) port 443
    * successfully set certificate verify locations:
    * CAfile: /tmp/xabc_b99s97.2
      CApath: none
    * SSL connection using DES-CBC3-SHA
    * Server certificate:
    * subject: /C=US/ST=.../OU=.../CN=Z.X.COM
    * start date: 2003-01-14 00:00:00 GMT
    * expire date: 2004-01-27 23:59:59 GMT
    * common name: Z.X.COM (matched)
    * issuer: /O=.../OU=...
    * SSL certificate verify ok.
> POST /a/aLogon?aLocale=en_US HTTP/1.1
    User-Agent: Netscape Communicator/5.2
    Host: z.x.com
    Pragma: no-cache
    Accept: */*
    Content-Length: 56
    Content-Type: application/x-www-form-urlencoded

    sUserId=x&sPassword=x&aLocale=en_US
    < Date: Fri, 21 May 2004 10:48:42 GMT
    < Server: IBM_HTTP_SERVER/1.2.3 Apache/1.2.3 (Unix)
    * Added cookie JSESSIONID="01234567890" for domain z.x.com, path /,
expire 0
    < Set-Cookie: JSESSIONID=01234567890;Path=/
    < Cache-Control: no-cache
    < Expires: Thu, 01 Jan 1970 00:00:00 GMT
    * Added cookie XToken="xt" for domain z.x.com, path /, expire 0
The unpatched 7.11.2 curl will barf here:
    skipped cookie with bad tailmatch domain: .z.x.com
and the XToken cookie will not be saved in the cookie-jar file.

My patched version will continue as can be seen below.
    < Set-Cookie: XToken=xt;Domain=.z.x.com;Path=/
    < Pragma: No-cache
    < Content-Type: text/html;charset=UTF-8
    < Content-Language: en
    < X-Cache: MISS from z.x.com
    < Transfer-Encoding: chunked
Received on 2004-05-21