cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Clean up cookies

From: Cris Bailiff <c.bailiff+curl_at_devsecure.com>
Date: Wed, 25 Jun 2003 11:14:45 +1000

Daniel,

just had a quick skim through the proposal - seems OK to me (I need to try
coding to it to see if it really makes sense!), but I had a couple of
comments:

* I didn't really see what the 'provided' bits get you? What's the issue with
just passing NULL/0 where data isn't supplied? This is effectively how the
cookie comes from the server - the things not provided just aren't there.

* New cookie attributes aren't supported.

Theoretically, the cookie string could have extra "name;" or "name=value;"
tags appended in future.

Although currently non-standard, there is at least one extra cookie flag which
is likely to become more common-place - 'httponly'.

http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp

This is a new security-related flag supported by IE6 - despite being an MS
'invention', is does have some merit, and might make it into mozilla.

Boolean flags (at least) could be supported by making it 'long flags' instead
of 'bool secure', and having some constants for SECURE and HTTPONLY, but I
don't know at what point you'd need to worry about extra arg/value pairs...

* Strictly speaking, there are 2 cookie versions. I don't know if you need to
care about which libcurl sends or stores....

* I don't really understand the need for SENDFUNC.

Why wouldn't I just provide a 'Cookies:' header with curl_easy_setopt when
setting up the request? It certainly adds a 'completeness' to the API, but it
seems quite complex to set up (and to implement!) for no obvious benefit.

Best of luck with all your upcoming non-code related changes!

Cheers,
Cris

On Tue, 24 Jun 2003 11:04 pm, Daniel Stenberg wrote:
> On Tue, 24 Jun 2003, Lorenzo Pastrana wrote:
> > Daniel is setting up a new cookie api.. where all kind of things can be
> > done to cookies. In the mean while I can send you a patch, it does just a
> > flush on command.
>
> Speaking of which, the most recent version of my suggested API is now
> uploaded and available here:
>
> http://curl.haxx.se/dev/COOKIES
>
> This is still 100% words and 0% code.

-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
Received on 2003-06-25