Skip to content

cookie: remove expired cookies before listing#18299

Closed
xfangfang wants to merge 1 commit intocurl:masterfrom
xfangfang:fix_cookie_list
Closed

cookie: remove expired cookies before listing#18299
xfangfang wants to merge 1 commit intocurl:masterfrom
xfangfang:fix_cookie_list

Conversation

@xfangfang
Copy link
Copy Markdown
Contributor

@xfangfang xfangfang commented Aug 16, 2025

If the cookie returned by the server is expired, curl_easy_getinfo(curl, CURLINFO_COOKIELIST, &cookies) will still retrieve one expired cookie(Only the last one).

Below is the test code:

server code:

#!/usr/bin/env python3

from http.server import BaseHTTPRequestHandler, HTTPServer

name = "127.0.0.1"
port = 8000

text = f"""HTTP/1.1 200 OK
Content-Length: 6
Content-Type: text/plain
Set-Cookie: c1=123; Domain={name}; Path=/; Expires=Thu, 12 Feb 2000 00:00:00 GMT
Set-Cookie: c2=456; Domain={name}; Path=/; Expires=Thu, 12 Feb 2000 00:00:00 GMT;

hello
"""

class myHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.wfile.write(text.encode())

if __name__ == '__main__':
    server = HTTPServer((name, port), myHandler)
    print(f'Serving on port {name}:{port}...')
    server.serve_forever()

client code

#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
    CURL *curl = curl_easy_init();
    if(curl) {
        CURLcode res;
        curl_easy_setopt(curl, CURLOPT_URL, "http://127.0.0.1:8000");

        /* enable the cookie engine */
        curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "");

        res = curl_easy_perform(curl);

        if(!res) {
            /* extract all known cookies */
            struct curl_slist *cookies = NULL;
            res = curl_easy_getinfo(curl, CURLINFO_COOKIELIST, &cookies);
            if(!res && cookies) {
                /* a linked list of cookies in cookie file format */
                struct curl_slist *each = cookies;
                while(each) {
                    printf("%s\n", each->data);
                    each = each->next;
                }
                /* we must free these cookies when we are done */
                curl_slist_free_all(cookies);
            }
        }
        curl_easy_cleanup(curl);
    }
}

When using the curl command-line tool, this issue does not occur:
curl -c - http://127.0.0.1:8000
because it automatically purges expired cookies before retrieving them.

curl/lib/cookie.c

Lines 1512 to 1526 in a5f0ab7

static CURLcode cookie_output(struct Curl_easy *data,
struct CookieInfo *ci,
const char *filename)
{
FILE *out = NULL;
bool use_stdout = FALSE;
char *tempstore = NULL;
CURLcode error = CURLE_OK;
if(!ci)
/* no cookie engine alive */
return CURLE_OK;
/* at first, remove expired cookies */
remove_expired(ci);

This PR aligns libcurl’s behavior with the CLI by clearing expired cookies before users fetch them via CURLINFO_COOKIELIST.

bagder added a commit that referenced this pull request Aug 17, 2025
@bagder
test1549: verify CURLOPT_COOKIEFILE after expired cookies
8183a86 
Verifies #18299
bagder added a commit that referenced this pull request Aug 17, 2025
@bagder
test1549: verify CURLOPT_COOKIEFILE after expired cookies
b006d49 
Verifies #18299
@bagder bagder mentioned this pull request Aug 17, 2025
Closed
@bagder bagder closed this in de89b86 Aug 17, 2025
@bagder
Copy link
Copy Markdown
Member

bagder commented Aug 17, 2025

thanks!

bagder added a commit that referenced this pull request Aug 17, 2025
@bagder
test1549: verify CURLOPT_COOKIEFILE after expired cookies
0ba8e7f 
Verifies #18299 (de89b86)
Closes #18303
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bagder bagder bagder approved these changes

Assignees

No one assigned

Labels

cookies HTTP

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xfangfang @bagder