Bugs item #3404495, was opened at 2011-09-05 23:04
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3404495&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: wrong behaviour
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Michael Brooks (sitewatch)
Assigned to: Daniel Stenberg (bagder)
Summary: COOKIELIST producing invalid cookie.

Initial Comment:
To recreate this bug:

1)A web application sets a cookie using:
set-cookie: lang=en;

2)A programmer tries to modify this value using using setopt(), the only difference is the PATH part of the cookie. (the paths overlap such as / and /form/ but the variable name is identical)
'localhost\tFALSE\t/\tFALSE\t0\tlang\tgr'

The malformed HTTP request:
Cookie: lang=en; PHPSESSID=jnkgarlbkqmg0i9bruds97kof3; lang=gr;

This cookie value CAN NEVER HAPPEN IN A BROWSER. But more importantly why would a programmer want this? How is this behavior useful? As a user of your software i just want to modify this cookie value, but the end result is that whatever value i set is ignored because all web application platforms just pick the first cookie value. This is clearly broken.

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2011-09-05 23:28

Message:
First, thanks for providing feedback to help us improve things.

Sure, you want a feature: to easily replace a particular cookie.

The COOKIELIST interface is not the most convenient for this, as you need
to know details about the existing cookie in order to replace it properly.
This does however not say that you've found a bug in the existing interface
unless you can tell us how to repeat such a bug. I've not seen this yet.

Discussions for how to do things better and/or provide a better interface
should be held on the curl-library mailing list and not the bug tracker.

----------------------------------------------------------------------

Comment By: Michael Brooks (sitewatch)
Date: 2011-09-05 23:19

Message:
In step 1 the file is in /form/index.php and its being set for /form/

But at the end of the day i know i have a cookie with the variable name
"lang" (who cares about the path and flags?) And i just want to set it to
a different value, this should be easy and it should never duplicate the
value.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2011-09-05 23:14

Message:
Please help us repeat this instead of getting hostile.

First, what's the URL of the site that sets the cookie in step (1) ?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3404495&group_id=976
Received on 2011-09-05