Commit b18a1654 authored by Jay Satiro's avatar Jay Satiro
Browse files

CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain 

Document that if Set-Cookie is used without a domain then the cookie is
sent for any domain and will not be modified.

Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html
Reported-by: Alexander Dyagilev
parent 02dfc930

docs/libcurl/opts/CURLOPT_COOKIELIST.3

+7 −0
Original line number Diff line number Diff line
@@ -36,6 +36,13 @@ Such a cookie can be either a single line in Netscape / Mozilla format or just 
regular HTTP-style header (Set-Cookie: ...) format. This will also enable the

cookie engine. This adds that single cookie to the internal cookie store.



If you use the Set-Cookie format and don't specify a domain then the cookie

is sent for any domain and will not be modified. If a server sets a cookie of

the same name (or maybe you've imported one) then both will be sent on a future

transfer to that server, likely not what you intended. Either set a domain in

Set-Cookie (doing that will include sub domains) or use the Netscape format as

shown in EXAMPLE.



Additionally, there are commands available that perform actions if you pass in

these exact strings:

.IP ALL