- Dima Barsky made the curl cookie parser accept cookies even with blank or

  unparsable expiry dates and then treat them as session cookies - previously
  libcurl would reject cookies with a date format it couldn't parse. Research
  shows that the major browser treat such cookies as session cookies. I
  modified test 8 and 31 to verify this.

1 files changed, 4 insertions, 3 deletions

diff --git a/lib/cookie.c b/lib/cookie.c
index d121c0b29..89f90f1d3 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -363,9 +363,8 @@ Curl_cookie_add(struct SessionHandle *data,
               badcookie = TRUE;
               break;
             }
-            /* Note that we store -1 in 'expires' here if the date couldn't
-               get parsed for whatever reason. This will have the effect that
-               the cookie won't match. */
+            /* Note that if the date couldn't get parsed for whatever reason,
+               the cookie will be treated as a session cookie */
             co->expires = curl_getdate(what, &now);
 
             /* Session cookies have expires set to 0 so if we get that back
@@ -373,6 +372,8 @@ Curl_cookie_add(struct SessionHandle *data,
                non-session cookie */
             if (co->expires == 0)
               co->expires = 1;
+            else if( co->expires < 0 )
+                co->expires = 0;
           }
           else if(!co->name) {
             co->name = strdup(name);