Bugs item #3398164, was opened at 2011-08-25 15:33
Message generated for change (Comment added) made by astrostl
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3398164&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: None
Status: Open
Resolution: Invalid
Priority: 5
Private: No
Submitted By: astrostl (astrostl)
Assigned to: Daniel Stenberg (bagder)
Summary: Unable to access site without an (unused!) --cookie-jar

Initial Comment:
curl 7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM SSL libz

(that's stock curl from Mac OS X 10.7.1 "Lion")

I'm using curl to log into a site via an HTTP form, following subsequent redirects. If I pass "--cookie-jar -" and effectively ignore the stored cookie, everything works as hoped. If I don't, it doesn't. I tried both ways using --trace-ascii. WITHOUT a jar, I have a series of "Set-Cookie" results, followed by a site warning that my browser doesn't accept cookies. WITH a jar, I have a similar series of Set-Cookies except there is a "== Info: Added cookie" or "== Info: Replaced cookie" in-between them.

Since I'm not actually doing anything with the cookies dumped to stdout, the best guess I have is that "--cookie-jar" also enables the acceptance or use of cookies itself in curl. If this is the case, I think the documentation and guides could be updated to reflect that. If not, what explains this behavior?

----------------------------------------------------------------------

>Comment By: astrostl (astrostl)
Date: 2011-08-25 16:31

Message:
Well, I'm starting to see it already now...

http://curl.haxx.se/docs/httpscripting.html

Curl's "cookie engine" gets enabled when you use the --cookie option. If
you
 only want curl to understand received cookies, use --cookie with a file
that
 doesn't exist. Example, if you want to let curl understand cookies from
a
 page and follow a location (and thus possibly send back cookies it
received),
 you can invoke it like:
 
        curl --cookie nada --location http://www.example.com

and

man curl

              Using this method
              also activates the "cookie parser" which will make curl
record
              incoming cookies too, which may be handy if you're using
this in
              combination with the -L/--location option.

What happened for me, FWIW, is that I hit the "HTTP scripting" URL, hit
the point in the docs where it said "you really want to use --cookie-jar
for cookies..." and immediately skipped to that section. Aside from this
redirection, maybe all the bases are covered pretty well. It does seem
strange to me to pass a non-existent file in as input to get null cookie
engine enabling, though - I think "-c -" makes more sense, as it at least
does something other than a dead-end stat.

So I guess, perhaps consider not jumping straight to "--cookie-jar" in
HTTP scripting, and suggest "-c -" for null enabling in both HTTP scripting
and the man page?

I started out by using "--cookie cookies.txt --cookie-jar newcookies.txt"
as per the example (with my own filenames), then successfully dropped
--cookie, then successfully switched the jar to "-", then started wondering
if this was all just a trick to enable the engine. With a FULL read of the
docs I could have inferred this, but I suppose it also isn't mentioned that
"-c" enables the engine as well.

I'm blown away by the fast response, BTW. Thanks for that, and for your
efforts with curl!

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2011-08-25 15:52

Message:
This is not a bug, this is intentional.

curl doesn't activate "the cookie engine" unless you tell it to. One way
to tell it is by providing a cookie jar, another way is to use the
-b/--cookie option and provide a (non-existintg?) file to read cookies
from.

Do you have any suggested wording you think we should add to the "-c,
--cookie-jar" documentation to make this easier for a user to figure out?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3398164&group_id=976
Received on 2011-08-25