If no '=' symbol is used in the line, it is treated as a filename to use to
read previously stored cookie lines from, which should be used in this session
-if they match. Using this method also activates the "cookie parser" which will
+if they match. Using this method also activates the cookie engine which will
make curl record incoming cookies too, which may be handy if you're using this
in combination with the \fI-L, --location\fP option. The file format of the
file to read cookies from should be plain HTTP headers or the Netscape/Mozilla
will be written to the file. To store cookies, use the \fI-c, --cookie-jar\fP
option.
+Exercise caution if you are using this option and multiple transfers may occur.
+If you use the NAME1=VALUE1; format, or in a file use the Set-Cookie format and
+don't specify a domain, then the cookie is sent for any domain (even after
+redirects are followed) and cannot be modified by a server-set cookie. If the
+cookie engine is enabled and a server sets a cookie of the same name then both
+will be sent on a future transfer to that server, likely not what you intended.
+To address these issues set a domain in Set-Cookie (doing that will include
+sub-domains) or use the Netscape format.
+
If this option is used several times, the last one will be used.
.IP "-B, --use-ascii"
(FTP/LDAP) Enable ASCII transfer. For FTP, this can also be enforced by using
displayed, but that is the only visible feedback you get about this possibly
lethal situation.
+Since 7.43.0 cookies that were imported in the Set-Cookie format without a
+domain name are not exported by this option.
+
If this option is used several times, the last specified file name will be
used.
.IP "-C, --continue-at <offset>"
cookies cURL knows (expired ones, too). Don't forget to
\fIcurl_slist_free_all(3)\fP the list after it has been used. If there are no
cookies (cookies for the handle have not been enabled or simply none have been
-received) 'struct curl_slist *' will be set to point to NULL. (Added in
-7.14.1)
+received) 'struct curl_slist *' will be set to point to NULL.
+
+Since 7.43.0 cookies that were imported in the Set-Cookie format without a
+domain name are not exported by this option.
+
+(Added in 7.14.1)
.IP CURLINFO_LASTSOCKET
Pass a pointer to a long to receive the last socket used by this curl
session. If the socket is no longer valid, -1 is returned. When you finish
This option only \fBreads\fP cookies. To make libcurl write cookies to file,
see \fICURLOPT_COOKIEJAR(3)\fP.
+Exercise caution if you are using this option and multiple transfers may occur.
+If you use the Set-Cookie format and don't specify a domain then the cookie is
+sent for any domain (even after redirects are followed) and cannot be modified
+by a server-set cookie. If a server sets a cookie of the same name then both
+will be sent on a future transfer to that server, likely not what you intended.
+To address these issues set a domain in Set-Cookie (doing that will include
+sub-domains) or use the Netscape format.
+
If you use this option multiple times, you just add more files to read.
Subsequent files will add more cookies.
.SH DEFAULT
error for this. Using \fICURLOPT_VERBOSE(3)\fP or
\fICURLOPT_DEBUGFUNCTION(3)\fP will get a warning to display, but that is the
only visible feedback you get about this possibly lethal situation.
+
+Since 7.43.0 cookies that were imported in the Set-Cookie format without a
+domain name are not exported by this option.
.SH DEFAULT
NULL
.SH PROTOCOLS
Returns CURLE_OK if HTTP is supported, CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space.
.SH "SEE ALSO"
-.BR CURLOPT_COOKIEFILE "(3), " CURLOPT_COOKIE "(3), " CURLOPT_COOKIELIST "(3), "
+.BR CURLOPT_COOKIEFILE "(3), " CURLOPT_COOKIE "(3), "
+.BR CURLOPT_COOKIELIST "(3), "
regular HTTP-style header (Set-Cookie: ...) format. This will also enable the
cookie engine. This adds that single cookie to the internal cookie store.
-If you use the Set-Cookie format and don't specify a domain then the cookie
-is sent for any domain and will not be modified. If a server sets a cookie of
-the same name (or maybe you've imported one) then both will be sent on a future
-transfer to that server, likely not what you intended. Either set a domain in
-Set-Cookie (doing that will include sub domains) or use the Netscape format as
+Exercise caution if you are using this option and multiple transfers may occur.
+If you use the Set-Cookie format and don't specify a domain then the cookie is
+sent for any domain (even after redirects are followed) and cannot be modified
+by a server-set cookie. If a server sets a cookie of the same name (or maybe
+you've imported one) then both will be sent on a future transfer to that
+server, likely not what you intended. To address these issues set a domain in
+Set-Cookie (doing that will include sub-domains) or use the Netscape format as
shown in EXAMPLE.
-Starting in 7.43.0 the aforementioned any-domain cookies will not appear in the
-lists exported by \fICURLINFO_COOKIELIST(3)\fP and \fICURLOPT_COOKIEJAR(3)\fP.
-
Additionally, there are commands available that perform actions if you pass in
these exact strings:
.IP ALL
Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space.
.SH "SEE ALSO"
-.BR CURLOPT_COOKIEFILE "(3), " CURLOPT_COOKIEJAR "(3), " CURLOPT_COOKIE "(3), "
+.BR CURLOPT_COOKIEFILE "(3), " CURLOPT_COOKIEJAR "(3), " CURLOPT_COOKIE "(3), "
projects / curl / commitdiff