I have a single threaded app (MSVC C++ 2005) build against a static
LIBCURL 7.19.4

A test application connects to an in house server & performs a bespoke
authentication process that includes posting a couple of forms, and
when this succeeds creates a new resource (POST) and then updates the
resource (PUT) using If-Match.

I only use a single connection to libcurl (i.e. only one CURL*)

The cookie engine is enabled from the start using
curl_easy_setopt(CURLOPT_COOKIEFILE, "")

The cookie cache is cleared at the end of the authentication process
using curl_easy_setopt(CURLOPT_COOKIELIST, "SESS"). This is required
by the authentication process.

The next call, which completes a successful authentication, results in
a couple of security cookies being returned from the server - they
have no expiry date set.

The server (and I) expect the security cookies to then be sent with
all subsequent requests to the server. The problem is that _sometimes_
they are sent and _sometimes_ they aren't.

I'm not a CURL expert, so I'm probably doing something wrong, but I
can't figure out what. Running the test app in a loop results shows a
random distribution of correct cookie handling.

As a workaround I've disabled the cookie engine and am doing basic
manual cookie handling. Like this it works as expected, but I'd prefer
to use the library if possible.

Does anyone have any ideas?

Thanks
Seb

-- 
ACCU - http://www.accu.org/ - Professionalism in Programming