From 448d2b5f491067f110e96c4a60342d0c34dd7010 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 25 Oct 2009 18:15:14 +0000
Subject: - Dima Barsky made the curl cookie parser accept cookies even with
 blank or   unparsable expiry dates and then treat them as session cookies -
 previously   libcurl would reject cookies with a date format it couldn't
 parse. Research   shows that the major browser treat such cookies as session
 cookies. I   modified test 8 and 31 to verify this.

---
 lib/cookie.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/cookie.c b/lib/cookie.c
index d121c0b29..89f90f1d3 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -363,9 +363,8 @@ Curl_cookie_add(struct SessionHandle *data,
               badcookie = TRUE;
               break;
             }
-            /* Note that we store -1 in 'expires' here if the date couldn't
-               get parsed for whatever reason. This will have the effect that
-               the cookie won't match. */
+            /* Note that if the date couldn't get parsed for whatever reason,
+               the cookie will be treated as a session cookie */
             co->expires = curl_getdate(what, &now);
 
             /* Session cookies have expires set to 0 so if we get that back
@@ -373,6 +372,8 @@ Curl_cookie_add(struct SessionHandle *data,
                non-session cookie */
             if (co->expires == 0)
               co->expires = 1;
+            else if( co->expires < 0 )
+                co->expires = 0;
           }
           else if(!co->name) {
             co->name = strdup(name);
-- 
cgit v1.2.3