Commit 98ee12bc authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Jan Sundin reported a case where curl ignored a cookie that browsers don't, 

  which turned up to be due to the number of dots in the 'domain'. I've now
  made curl follow the the original netscape cookie spec less strict on that
  part.
parent fdda786f

lib/cookie.c

+7 −1
Original line number Diff line number Diff line
@@ -234,7 +234,13 @@ Curl_cookie_add(struct CookieInfo *c, 
                break;

              }

            }

            if(dotcount < 3) {

            /* The original Netscape cookie spec defined that this domain name

               MUST have three dots (or two if one of the seven holy TLDs),

               but it seems that these kinds of cookies are in use "out there"

               so we cannot be that strict. I've therefore lowered the check

               to not allow less than two dots. */

            

            if(dotcount < 2) {

              /* Received and skipped a cookie with a domain using too few

                 dots. */

              badcookie=TRUE; /* mark this as a bad cookie */