cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: Passing cookies during session

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 19 Jan 2002 12:01:56 +0100 (MET)

On Fri, 18 Jan 2002, Lara Bordick wrote:

Thanks for all details. They'll help us sort this out.

> What appears to be happening on the server side is in case #2 when I use
> curl in 1 step:
> -curl is invoked requesting access to a file on the dataserver
> - the client certificate is presented to the dataserver
> - no SSLCRED or SMSESSION cookies are presented so the dataserver redirects
> to the validation server
> - the connection goes to the validation server and presents the client
> certificate
> - the validation server generates an SSLCRED cookie and redirects back to
> the file request of the dataserver
> ******HERE IS THE IMPORTANT PART WHERE THINGS SEEM TO BE BREAKING DOWN*****
> - the logs on the dataserver show that the client does not present a valid
> SSLCRED or SMSESSION cookie at this point

This command seems to have been invoked without -i, which then doesn't show
us any response-headers from the servers...

This cookie genereated by the validation server, that is sent back to curl
together twith the redirect back to the file, how does that single header
line look like? (I identified and corrected a case where curl didn't parse a
cookie properly just last week, this *could* be a similar case.)

If I understand correctly, this cookie named "SSLCRED" is what curl should
provide to the server in order to get the file properly.

> Is it possible that curl is not passing the SSLCRED cookie to
> dataserver.somesite.com because it was defined by
> validationserver.somesite.com?

Hm. That might be the problem, yes. It depends on what the cookie header line
looked like. Didn't it specify "domain" at all perhaps? If it didn't, then I
think this may be the problem.

I think I've identified an internal problem with cookies without domain
specified, as then it uses the current host name as default, which I am not
so sure is the correct way to behave.

That feature was added to allow the cookies to get stored properly in a
cookie jar (using -c) but perhaps that default domain should only be used
when saving...

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/
Received on 2002-01-19