RFC 6265 section 4.1.1 spells out that the first name/value pair in the header is the actual cookie name and content, while the following are the parameters.
libcurl currently has a more liberal approach which causes significant problems when introducing new cookie parameters, like the suggested new cookie priority draft.
The current parser gets all n/v pairs and the first name isn't a known parameter will be considered the cookie, thus accepting Set-Cookie: Max-Age=2; name=daniel while an RFC compliant parser should consider that to be a cookie named 'Max-Age'.
The text was updated successfully, but these errors were encountered:
bagder commentedMar 9, 2016
RFC 6265 section 4.1.1 spells out that the first name/value pair in the header is the actual cookie name and content, while the following are the parameters.
libcurl currently has a more liberal approach which causes significant problems when introducing new cookie parameters, like the suggested new cookie priority draft.
The current parser gets all n/v pairs and the first name isn't a known parameter will be considered the cookie, thus accepting
Set-Cookie: Max-Age=2; name=daniel
while an RFC compliant parser should consider that to be a cookie named 'Max-Age'.The text was updated successfully, but these errors were encountered: