You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that when curl receives a Set-Cookie header with Max-Age=-1 (or any negative number) it will not immediately expire the cookie. Rather, the cookie will stay in the cookie jar when curl exits.
I believe that this is related to c3fdeca which works only for Max-Age=0, see Issue #3351.
If delta-seconds is less than or equal to zero (0) ....
In my opinion, patch c3fdeca may work only if delta-seconds is equal to zero and not if it is less than. I have verified this with a server: when I send Max-Age: 0, the cookie is immediately removed from the cookie jar, whereas if I set Max-Age: -1 it is not removed until the next time I run curl -c ...
I noticed that when curl receives a
Set-Cookie
header withMax-Age=-1
(or any negative number) it will not immediately expire the cookie. Rather, the cookie will stay in the cookie jar when curl exits.I believe that this is related to c3fdeca which works only for
Max-Age=0
, see Issue #3351.However, @badger quotes RFC6265 in this comment as stating that:
In my opinion, patch c3fdeca may work only if delta-seconds is equal to zero and not if it is less than. I have verified this with a server: when I send
Max-Age: 0
, the cookie is immediately removed from the cookie jar, whereas if I setMax-Age: -1
it is not removed until the next time I runcurl -c ...
My output with
Max-Age: -1
next invocation:
and the cookie jar contains:
By contrast,
Max-Age=0
yields:and the cookie is gone from the cookie jar.
The text was updated successfully, but these errors were encountered: