curl sending expired cookie in 7.62.0 #3351
After updating to 7.62.0 one of my unit tests started failing. The problem is that when the server unsets a cookie, and the libcurl client makes a subsequent request within 1 second after the response, curl will include the deleted cookie in the request.
I run into this with the R bindings, not sure if there is an easy way to reproduce in the cmd line. Basically the test performs the 4 steps below (using a single easy handle)
Note the last line. It is including the expired
Also note that the problem does not appear if you wait at least 1 second between step 3 and 4.
The text was updated successfully, but these errors were encountered:
RFC 6265 says the following for the Max-Age value:
... but the libcurl code seems to wrongly treat zero as any other value and therefore it won't expire this cookie within the same second:
@danielgustafsson, you've looked at cookies recently. Would you agree?