-
-
Notifications
You must be signed in to change notification settings - Fork 6.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curl_easy_setopt(handle, CURLOPT_COOKIEFILE, NULL) doesn't disable cookies #6889
Comments
I don't think it can be seen as anything else than an oversight that we cannot switch off the cookie engine for an easy handle once it has been turned on. But if we are to introduce such a way - and I think we should - maybe it would make more sense to follow the previous pattern of "cookie commands" that we support with CURLOPT_COOKIELIST and add a switch off command there? Maybe just call it |
the fix would probably be simple, however CURLOPT_COOKIEJAR I don't see a good way to do the same because data->cookies may be used by a share handle i think diff --git a/lib/setopt.c b/lib/setopt.c
index 022dd38..4612c03 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -752,6 +752,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
}
data->state.cookielist = cl; /* store the list for later use */
}
+ else {
+ curl_slist_free_all(data->state.cookielist);
+ data->state.cookielist = NULL;
+ }
break;
case CURLOPT_COOKIEJAR: |
This just clears the list of files to read cookies from. It would also need to clear all the cookies from memory and switch off further cookie handling. |
IIRC the cookie engine isn't turned on by CURLOPT_COOKIEFILE until the transfer is started |
Right, but what if the handle was already used for one or more transfers with cookies and then you switch it off... |
I see what you're saying. I don't think the cookie engine should explicitly be shut off by CURLOPT_COOKIEFILE, NULL, but it probably should clear the filenames. The doc doesn't say NULL shuts it off. |
For what it's worth, I would expect setting it to NULL to turn it off and here's my reasoning: the default is documented as NULL and if all I do is set CURLOPT_COOKIEFILE to some path and then set it back to NULL without doing anything else, I would expect the easy handle to behave the way it would if I had left things in the default configuration. |
I think there's a lot of sense in that reasoning... |
Reported-by: Stefan Karpinski Fixes #6889
Proposed approach in #6891 |
If one enables the cookie engine by doing
curl_easy_setopt(handle, CURLOPT_COOKIEFILE,"")
or some such, one would expect that subsequently doingcurl_easy_setopt(handle, CURLOPT_COOKIEFILE, NULL)
would disable it again — indeed, this is how most curl options work. Not sure if this is a bug report or a feature request.The text was updated successfully, but these errors were encountered: