
curl-tracker Archives

[curl:bugs] #1494 Cookies Not Following Path Rules

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Mon, 16 Mar 2015 13:39:33 +0000

Thanks,

The cookie_spec is there for historical purposes to teach us where we come from, Firefox and curl both should adhere to the cookie RFC.

I'm still not happy with peeking into or relying on what is stored locally about the headers, but rather with what the behavior is with regard to cookies sent from a server and then sent back by curl. Can you show us an HTTP header sequence of what to receive that then leads to a different request (cookie-wise) being sent back when comparing curl vs. for example Firefox?

---
** [bugs:#1494] Cookies Not Following Path Rules**
**Status:** open
**Labels:** cookies http 
**Created:** Fri Mar 13, 2015 12:34 PM UTC by Steve Corriere
**Last Updated:** Mon Mar 16, 2015 01:08 PM UTC
**Owner:** Daniel Stenberg
I do not believe that Curl is correctly following the path rules for cookies based on <http://curl.haxx.se/rfc/cookie_spec.html>.  Specifically, I do not think that it is following:
"The path "/foo" would match "/foobar" and "/foo/bar.html". The path "/" is the most general path."
In the following example, I would expect that we send the "partial_path" cookie in all requests.  Note that for the request to "http://www.example.com/foobar," we are missing this cookie, but we have the cookie for "/foo/bar.html."
I have seen the same behavior in version curl-7.37.0.  A really old data point, but I believe that the behavior followed the cookie spec back in curl 7.19.7.
If curl is not supposed to be following the cookie_spec page, my apologies.
    [scorriere_at_outrage src]$ cat /tmp/broken_cookie 
    # Netscape HTTP Cookie File
    # http://curl.haxx.se/docs/http-cookies.html
    # This file was generated by libcurl! Edit at your own risk.
    
    .example.com    TRUE    /foo/bar.html   FALSE   2426364040      full_path 1
    .example.com    TRUE    /foo            FALSE   2426364040      partial_path 1
    .example.com    TRUE    /               FALSE   2426364040      general_path 1
    [scorriere@outrage src]$ ./curl -vvv -o /dev/null -b /tmp/broken_cookie "http://www.example.com/foo"
    *   Trying 93.184.216.34...
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to www.example.com (93.184.216.34) port 80 (#0)
    > GET /foo HTTP/1.1
    > User-Agent: curl/7.41.0
    > Host: www.example.com
    > Accept: */*
    > Cookie: partial_path 1=; general_path 1=
    > 
    < HTTP/1.1 404 Not Found
    < Accept-Ranges: bytes
    < Cache-Control: max-age=604800
    < Content-Type: text/html
    < Date: Fri, 13 Mar 2015 12:27:53 GMT
    < Etag: "359670651"
    < Expires: Fri, 20 Mar 2015 12:27:53 GMT
    < Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    < Server: ECS (ewr/144C)
    < X-Cache: 404-HIT
    < x-ec-custom-error: 1
    < Content-Length: 1270
    < 
    { [1270 bytes data]
    100  1270  100  1270    0     0  78696      0 --:--:-- --:--:-- --:--:-- 84666
    * Connection #0 to host www.example.com left intact
    [scorriere@outrage src]$ ./curl -vvv -o /dev/null -b /tmp/broken_cookie "http://www.example.com/foobar"
    *   Trying 93.184.216.34...
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to www.example.com (93.184.216.34) port 80 (#0)
    > GET /foobar HTTP/1.1
    > User-Agent: curl/7.41.0
    > Host: www.example.com
    > Accept: */*
    > Cookie: general_path 1=
    > 
    < HTTP/1.1 404 Not Found
    < Accept-Ranges: bytes
    < Cache-Control: max-age=604800
    < Content-Type: text/html
    < Date: Fri, 13 Mar 2015 12:27:59 GMT
    < Etag: "359670651"
    < Expires: Fri, 20 Mar 2015 12:27:59 GMT
    < Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    < Server: ECS (ewr/15AB)
    < X-Cache: 404-HIT
    < x-ec-custom-error: 1
    < Content-Length: 1270
    < 
    { [1270 bytes data]
    100  1270  100  1270    0     0  78657      0 --:--:-- --:--:-- --:--:-- 84666
    * Connection #0 to host www.example.com left intact
    [scorriere@outrage src]$ ./curl -vvv -o /dev/null -b /tmp/broken_cookie "http://www.example.com/foo/bar.html"
    *   Trying 93.184.216.34...
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to www.example.com (93.184.216.34) port 80 (#0)
    > GET /foo/bar.html HTTP/1.1
    > User-Agent: curl/7.41.0
    > Host: www.example.com
    > Accept: */*
    > Cookie: full_path 1=; partial_path 1=; general_path 1=
    > 
    < HTTP/1.1 404 Not Found
    < Accept-Ranges: bytes
    < Cache-Control: max-age=604800
    < Content-Type: text/html
    < Date: Fri, 13 Mar 2015 12:28:03 GMT
    < Etag: "359670651"
    < Expires: Fri, 20 Mar 2015 12:28:03 GMT
    < Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    < Server: ECS (ewr/15CC)
    < X-Cache: 404-HIT
    < x-ec-custom-error: 1
    < Content-Length: 1270
    < 
    { [1270 bytes data]
    100  1270  100  1270    0     0  80242      0 --:--:-- --:--:-- --:--:-- 84666
    * Connection #0 to host www.example.com left intact
    [scorriere_at_outrage src]$ 
**OS Version**

    cat /etc/redhat-release
    CentOS Linux release 6.0 (Final)
    [scorriere_at_outrage src]$ uname -a
    Linux outrage.verivue.com 2.6.32-71.el6.x86_64 #1 SMP Fri May 20 03:51:51 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

**Curl Version**

    ./curl --version
    curl 7.41.0 (x86_64-unknown-linux-gnu) libcurl/7.41.0 OpenSSL/1.0.2 zlib/1.2.5 libidn/1.18 librtmp/2.3
    Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
    Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
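To make the disagreement in the report concrete, here is an added example (not curl's or Firefox's code) that implements both matching rules, the Netscape cookie_spec plain-prefix rule and the RFC 6265 section 5.1.4 path-match, and applies each to a constructed cookie jar modelled on the one in the report. The jar here is tab-separated with a separate value column, which the report's file lacks; the three request URLs are the ones from the transcript.

```python
"""Cookie path matching: Netscape cookie_spec prefix rule vs RFC 6265 5.1.4."""
from urllib.parse import urlsplit

# Constructed Netscape-format cookie jar, modelled on the one in the report
# (tab-separated; name and value are separate columns here).
COOKIE_JAR = """# Netscape HTTP Cookie File
.example.com\tTRUE\t/foo/bar.html\tFALSE\t2426364040\tfull_path\t1
.example.com\tTRUE\t/foo\tFALSE\t2426364040\tpartial_path\t1
.example.com\tTRUE\t/\tFALSE\t2426364040\tgeneral_path\t1
"""

def parse_netscape_jar(text):
    """Return (domain, path, name, value) tuples; comments and blanks skipped."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        domain, _flag, path, _secure, _expiry, name, value = line.split("\t", 6)
        cookies.append((domain, path, name, value))
    return cookies

def netscape_path_match(cookie_path, request_path):
    """cookie_spec rule: plain string prefix, so "/foo" matches "/foobar"."""
    return request_path.startswith(cookie_path)

def rfc6265_path_match(cookie_path, request_path):
    """RFC 6265 5.1.4: equal, or a prefix that ends at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def domain_match(cookie_domain, host):
    """Leading-dot jar domains cover the host and its subdomains."""
    d = cookie_domain.lstrip(".")
    return host == d or host.endswith("." + d)

def cookies_for(url, jar, matcher):
    """Names of jar cookies a client using `matcher` would send to `url`."""
    parts = urlsplit(url)
    path = parts.path or "/"
    return [name for domain, cpath, name, _v in jar
            if domain_match(domain, parts.hostname) and matcher(cpath, path)]

if __name__ == "__main__":
    jar = parse_netscape_jar(COOKIE_JAR)
    for u in ("http://www.example.com/foo", "http://www.example.com/foobar",
              "http://www.example.com/foo/bar.html"):
        print(u, "netscape:", cookies_for(u, jar, netscape_path_match),
              "rfc6265:", cookies_for(u, jar, rfc6265_path_match))
```

The RFC 6265 column reproduces exactly the Cookie headers curl 7.41.0 sent in the transcript; only the Netscape rule would add partial_path to the /foobar request.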
Received on 2015-03-16
