curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Cookie storage customization?

From: Isaac Jurado via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 15 Sep 2021 12:44:02 +0200

On Tue, Sep 14, 2021 at 11:31 PM Dan Fandrich <dan_at_coneharvesters.com>
wrote:

> On Tue, Sep 14, 2021 at 09:40:34PM +0200, Isaac Jurado via curl-library
> wrote:
> > I'm aware that the cookie jar is not mandatory and custom cookie storage
> could
> > be implemented with ease. However, some certain amount of logic, that
> libcurl
> > already provides, would have to be replicated. Mainly cookie
> parsing/filtering
> > and redirections.
>
> Does it not work to simply activate the libcurl cookie engine then use
> CURLOPT_COOKIELIST and CURLINFO_COOKIELIST to restore and save the cookies
> into
> a custom storage format? What logic would need to be duplicated? Or, are
> you
> just talking about parsing the cookie line?
>

From what I understand, right now it's not possible to enable
CURLOPT_FOLLOWLOCATION and be able to manage cookies from "user code" at
the same time. Looks like a trade off: if I want to handle cookies but not
with libcurl's cookie jar, I have to deal with 3xx responses myself too.
In OAuth based situations, it's very common to see a couple of consecutive
redirections to different domains, where each 3xx response carries some
Set-Cookie headers.

To give more context, I have been prototyping an utility to perform
authenticated service calls over HTTP. Authentication is OAuth based, but
I want to maximize session cookie reuse. Therefore, an SQLite based cookie
store fits very well even in a multiprocess environment (not only
multithread) thanks to the ACID transactions. So far, I have a working
solution using Python's HTTP client, where I coded the redirection
following logic. Here's the cookie storage part:

https://gist.github.com/etanol/fddb38dae74902631135fcab2146426a

I was considering moving to libcurl (e.g. PyCurl) and try to delegate as
much HTTP semantics as possible. So if libcurl had the possibility to
provide callbacks to save and retrieve cookies (instead of the cookie jar
file), most of my problems would be solved.

Would such a feature be in line with the project tenets and design
principles? I'm ok at attempting to contribute, I just wanted to know if
it was worth trying.

Best regards.

-- 
Isaac Jurado
"The noblest pleasure is the joy of understanding"
Leonardo da Vinci


-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2021-09-15