
RE: Issues with new cookie length limits

From: Chamberlin, David via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 7 Jun 2023 09:34:28 +0000

Hi Alex.

Thanks for the prompt response - and the pointer to that thread.

It looks like we are facing the same issue as the original poster (Ben Herrenschmidt).

As I read it, the subject was left last week with Ben offering to make a change to curl that adds a command line parameter to lift or relax the limit (as well as a separate discussion about how to support cookies split into multiple headers).

Is there a way I can respond to the thread (from this email address)? I suspect that adding a new command line parameter as Ben suggests to an already crowded set will get some pushback - a CMakeLists/configure option might be more acceptable? Also, the length calculation issue we picked up was not discussed.

- David

-----Original Message-----
From: Aleksandar Lazic <al-curllibrary_at_none.at>
Sent: 06 June 2023 21:15
To: libcurl development <curl-library_at_lists.haxx.se>
Cc: Chamberlin, David [Engineering] <David.Chamberlin_at_ln.email.gs.com>
Subject: Re: Issues with new cookie length limits

Hi David.

On 2023-06-06 (Di.) 15:01, Chamberlin, David via curl-library wrote:
> Hi,
>
> I work for a large company which has long made grateful use of curl’s
> features both as a command line tool and as a library.
>
> Since curl 8, (I believe) a limit to the maximum size of the cookie
> header has been applied in curl. This has created issues when used
> with our intranet because of cookies automatically added by software
> over which we have little control.
>
> We have patched the curl package (in cookie.h) that we build for
> internal consumption to raise this limit (MAX_COOKIE_HEADER_LEN) from
> 8kB to 32kB which fixes our internal issue.
>
> Would the team be amenable to a pull request that adds an option to
> CMakeLists and/or configure to make this limit configurable at compile time?
>
> We also picked up a bug in that code in that the length limit check
> seems to be calculated incorrectly – we can submit a pull request for
> that also.

There was a lengthy discussion about this topic last month, I'm pretty sure you will find in that thread your answer :-).
https://curl.se/mail/lib-2023-05/index.html#msg11

> -David

Regards
Alex

Received on 2023-06-07