From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 4 Aug 2003 23:05:57 +0000 (+0000)
Subject:   Jan Sundin reported a case where curl ignored a cookie that browsers don't,
X-Git-Tag: pre-ares~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=98ee12bc356e2635858049ba5e69a62bb7e5e9c2;p=curl

  Jan Sundin reported a case where curl ignored a cookie that browsers don't,
  which turned up to be due to the number of dots in the 'domain'. I've now
  made curl follow the the original netscape cookie spec less strict on that
  part.
---

diff --git a/lib/cookie.c b/lib/cookie.c
index c9883594c..03065f909 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -234,7 +234,13 @@ Curl_cookie_add(struct CookieInfo *c,
                 break;
               }
             }
-            if(dotcount < 3) {
+            /* The original Netscape cookie spec defined that this domain name
+               MUST have three dots (or two if one of the seven holy TLDs),
+               but it seems that these kinds of cookies are in use "out there"
+               so we cannot be that strict. I've therefore lowered the check
+               to not allow less than two dots. */
+            
+            if(dotcount < 2) {
               /* Received and skipped a cookie with a domain using too few
                  dots. */
               badcookie=TRUE; /* mark this as a bad cookie */