
curl-library

Cookies with blank expiry date

From: Dima Barsky <dima_at_debian.org>
Date: Tue, 6 Oct 2009 12:13:56 +0100

Hello curl developers,

I think the cookie parsing in curl is too strict. When a web server sends a
cookie with a blank expiration date (see example below), curl ignores it.
I know it's a rare case, but still, wouldn't it be logical to treat it as
a session cookie instead? Both Firefox and IE do exactly that.

Here is an example:

$ curl -V
curl 7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 libssh2/1.2.1
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

$ curl -b "" -v -L -o /dev/null http://www.banking.first-direct.com 2>&1 | grep Cookie
< Set-Cookie: fda=r3596019029; path=/; expires=

A fix would be very simple:

diff -u cookie.c cookie.c\~
--- cookie.c 2009-10-05 10:56:49.000000000 +0100
+++ cookie.c~ 2009-04-23 12:51:08.000000000 +0100
@@ -351,8 +351,7 @@
             /* Note that we store -1 in 'expires' here if the date couldn't
                get parsed for whatever reason. This will have the effect
that
                the cookie won't match. */
- if( whatptr[0] )
- co->expires = curl_getdate(what, &now);
+ co->expires = curl_getdate(what, &now);
           }
           else if(!co->name) {
             co->name = strdup(name);
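
Review bot: The diff is generated in the wrong direction (cookie.c against the older backup cookie.c~, per the timestamps), so the guard 'if( whatptr[0] )' sits on the '-' lines and the unconditional 'co->expires = curl_getdate(what, &now);' on the '+' line; applied as posted it would remove the guard instead of adding it, so please regenerate it as 'diff -u cookie.c~ cookie.c'. The guard also tests 'whatptr' while the call parses 'what', so it is worth confirming that both refer to the same attribute value. The comment above the call should also say that a blank value now leaves co->expires untouched rather than storing -1.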

Regards,
Dima.
Received on 2009-10-06
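
The distinction the mail asks for, as an added example that is not curl's code or part of the original post: a blank expires= value is classified as a session cookie, while a non-blank value that fails to parse stays rejected, as the comment in the patch describes for -1. The enum, the function names and the small date parser are this example's own assumptions; it handles only the "DD Mon YYYY" and "DD-Mon-YYYY" forms with case-sensitive month names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Names below are this example's own, not curl's. */
enum expiry_kind { EXP_SESSION, EXP_PERSISTENT, EXP_EXPIRED, EXP_INVALID };

/* Days from 1970-01-01 to the given Gregorian date (year >= 1970). */
static long long days_from_civil(int y, int m, int d)
{
  y -= m <= 2;                       /* count Jan/Feb with the previous year */
  long long era = y / 400, yoe = y % 400;
  long long doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
  return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse "Wdy, DD Mon YYYY HH:MM:SS GMT" (or DD-Mon-YYYY); -1 if not a date. */
static long long parse_http_date(const char *s)
{
  static const char months[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
  char mon[4];
  int d, y, hh, mm, ss;
  const char *comma = strchr(s, ','), *p;
  if(comma)
    s = comma + 1;                   /* skip the weekday name */
  if(sscanf(s, " %d%*1[ -]%3[A-Za-z]%*1[ -]%d %d:%d:%d",
            &d, mon, &y, &hh, &mm, &ss) != 6)
    return -1;
  p = strstr(months, mon);           /* month must sit on a 3-letter boundary */
  if(strlen(mon) != 3 || !p || (p - months) % 3 || y < 1970 || d < 1 ||
     d > 31 || hh < 0 || hh > 23 || mm < 0 || mm > 59 || ss < 0 || ss > 60)
    return -1;
  return days_from_civil(y, (int)(p - months) / 3 + 1, d) * 86400
         + hh * 3600 + mm * 60 + ss;
}

/* Decide what an expires= value means at time 'now' (epoch seconds). */
enum expiry_kind classify_expires(const char *value, long long now)
{
  long long t;
  while(isspace((unsigned char)*value))
    value++;
  if(!*value)
    return EXP_SESSION;              /* blank value: no expiry was given */
  t = parse_http_date(value);
  if(t < 0)
    return EXP_INVALID;              /* unparsable: must not be stored as valid */
  return t > now ? EXP_PERSISTENT : EXP_EXPIRED;
}
```

Keeping EXP_INVALID separate from EXP_SESSION means a malformed date is never silently upgraded to a cookie that lives for the whole session.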