Jan Sundin reported a case where curl ignored a cookie that browsers don't,

  which turned up to be due to the number of dots in the 'domain'. I've now
  made curl follow the the original netscape cookie spec less strict on that
  part.

diff --git a/lib/cookie.c b/lib/cookie.c
index c9883594cb562ee074f8bca5ff6f56a19a84d61e..03065f9092b9444ae886ad94d1f201516742cff5 100644 (file)
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -234,7 +234,13 @@ Curl_cookie_add(struct CookieInfo *c,
                 break;
               }
             }
-            if(dotcount < 3) {
+            /* The original Netscape cookie spec defined that this domain name
+               MUST have three dots (or two if one of the seven holy TLDs),
+               but it seems that these kinds of cookies are in use "out there"
+               so we cannot be that strict. I've therefore lowered the check
+               to not allow less than two dots. */
+            
+            if(dotcount < 2) {
               /* Received and skipped a cookie with a domain using too few
                  dots. */
               badcookie=TRUE; /* mark this as a bad cookie */