Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cookie engine enabled without asked to #4429

Closed
bagder opened this issue Sep 26, 2019 · 2 comments

Comments

@bagder
Copy link
Member

commented Sep 26, 2019

I did this

curl $URL $URL

... where the $URL sets a cookie.

I expected the following

No cookie would be sent in the second request, but it actually is!

This is likely to be a regression from 7.66.0 when this is using the share interface as compared to how things worked before.

curl/libcurl version

7.66.0

operating system

Any

@jay

This comment has been minimized.

Copy link
Member

commented Sep 27, 2019

bisected to b889408 curl: support parallel transfers
cookie engine is enabled for both transfers
from master:

curl/src/tool_operate.c

Lines 2294 to 2298 in 9cd755e

curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_DNS);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_PSL);

curl/lib/share.c

Lines 78 to 88 in 9cd755e

case CURL_LOCK_DATA_COOKIE:
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
if(!share->cookies) {
share->cookies = Curl_cookie_init(NULL, NULL, NULL, TRUE);
if(!share->cookies)
res = CURLSHE_NOMEM;
}
#else /* CURL_DISABLE_HTTP */
res = CURLSHE_NOT_BUILT_IN;
#endif
break;

@bagder

This comment has been minimized.

Copy link
Member Author

commented Sep 27, 2019

Yes exactly. But I think it is an API problem/misbehavior that this curl change brought into light, so that is where I've done my fix for this in #4434 .

bagder added a commit that referenced this issue Sep 27, 2019
The 'share object' only sets the storage area for cookies. The "cookie
engine" still needs to be enabled or activated using the normal cookie
options.

This caused the curl command line tool to accidentally use cookies
without having been told to, since curl switched to using shared cookies
in 7.66.0.

Test 1166 verifies

Updated test 506

Fixes #4429
Closes #4434
@bagder bagder closed this in d0a7ee3 Sep 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.