diff options
| author | Jay Satiro <raysatiro@yahoo.com> | 2015-09-03 02:35:11 -0400 |
|---|---|---|
| committer | Jay Satiro <raysatiro@yahoo.com> | 2015-09-03 02:35:11 -0400 |
| commit | cb6a07fed03459368e71b738b1bc9448213c4dfb (patch) | |
| tree | 1fc69a47d30f93e6f2666266fdb19ffc6e485b93 /docs/libcurl/opts/CURLOPT_COOKIELIST.3 | |
| parent | b604b7f040ebe29113daf24c73d5cb3da271c9f9 (diff) | |
docs: Warn about any-domain cookies and multiple transfers
- Warn that cookies without a domain are sent to any domain:
CURLOPT_COOKIELIST, CURLOPT_COOKIEFILE, --cookie
- Note that imported Set-Cookie cookies without a domain are no longer
exported:
CURLINFO_COOKIELIST, CURLOPT_COOKIEJAR, --cookie-jar
Diffstat (limited to 'docs/libcurl/opts/CURLOPT_COOKIELIST.3')
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_COOKIELIST.3 | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/docs/libcurl/opts/CURLOPT_COOKIELIST.3 b/docs/libcurl/opts/CURLOPT_COOKIELIST.3 index 937c79db8..ca30ec2a6 100644 --- a/docs/libcurl/opts/CURLOPT_COOKIELIST.3 +++ b/docs/libcurl/opts/CURLOPT_COOKIELIST.3 @@ -36,16 +36,15 @@ Such a cookie can be either a single line in Netscape / Mozilla format or just regular HTTP-style header (Set-Cookie: ...) format. This will also enable the cookie engine. This adds that single cookie to the internal cookie store. -If you use the Set-Cookie format and don't specify a domain then the cookie -is sent for any domain and will not be modified. If a server sets a cookie of -the same name (or maybe you've imported one) then both will be sent on a future -transfer to that server, likely not what you intended. Either set a domain in -Set-Cookie (doing that will include sub domains) or use the Netscape format as +Exercise caution if you are using this option and multiple transfers may occur. +If you use the Set-Cookie format and don't specify a domain then the cookie is +sent for any domain (even after redirects are followed) and cannot be modified +by a server-set cookie. If a server sets a cookie of the same name (or maybe +you've imported one) then both will be sent on a future transfer to that +server, likely not what you intended. To address these issues set a domain in +Set-Cookie (doing that will include sub-domains) or use the Netscape format as shown in EXAMPLE. -Starting in 7.43.0 the aforementioned any-domain cookies will not appear in the -lists exported by \fICURLINFO_COOKIELIST(3)\fP and \fICURLOPT_COOKIEJAR(3)\fP. - Additionally, there are commands available that perform actions if you pass in these exact strings: .IP ALL @@ -117,4 +116,4 @@ RELOAD was added in 7.39.0 Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. .SH "SEE ALSO" -.BR CURLOPT_COOKIEFILE "(3), " CURLOPT_COOKIEJAR "(3), " CURLOPT_COOKIE "(3), " +.BR CURLOPT_COOKIEFILE "(3), " CURLOPT_COOKIEJAR "(3), " CURLOPT_COOKIE "(3), " |