cookie engine enabled without asked to

[bagder]

I did this

curl $URL $URL

... where the $URL sets a cookie.

I expected the following

No cookie would be sent in the second request, but it actually is!

This is likely to be a regression from 7.66.0 when this is using the share interface as compared to how things worked before.

curl/libcurl version

7.66.0

operating system

Any

[jay]

bisected to b889408 curl: support parallel transfers
cookie engine is enabled for both transfers
from master:

curl/src/tool_operate.c

Lines 2294 to 2298 in 9cd755e

	curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE);
	curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_DNS);
	curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
	curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
	curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_PSL);

curl/lib/share.c

Lines 78 to 88 in 9cd755e

	case CURL_LOCK_DATA_COOKIE:
	#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
	if(!share->cookies) {
	share->cookies = Curl_cookie_init(NULL, NULL, NULL, TRUE);
	if(!share->cookies)
	res = CURLSHE_NOMEM;
	}
	#else /* CURL_DISABLE_HTTP */
	res = CURLSHE_NOT_BUILT_IN;
	#endif
	break;

[bagder]

Yes exactly. But I think it is an API problem/misbehavior that this curl change brought into light, so that is where I've done my fix for this in #4434 .