- From: Mikel Maron <mikel_maron@yahoo.com>
- Date: Fri, 21 Nov 2003 09:12:46 -0800 (PST)
- To: www-lib@w3.org
Hello! I've been working on an application, using libwww, and have come across some subtle, minor bugs in how Cookies are handled .. which nevertheless cause great pain for my app. Not sure if there's any development happening on libwww, or if bug fixes are welcome, especially for the apparently un-official Cookie spec (http://wp.netscape.com/newsref/std/cookie_spec.html). Hopefully there is some interest! So, the problem is two-fold. First, accepted cookies are parsed incorrectly. The code is assuming that "=" is not a valid character in a cookie value, by calling HTNextField rather than HTNextPair to parse the value. From the spec on NAME=VALUE pairs in cookies... "This string is a sequence of characters excluding semi-colon, comma and white space" Secondly, when a Cookie is being constructed to send, the NAME=VALUE pairs are seperated by only ";", when it should be "; ". The Spec addresses this under "Syntax of the Cookie HTTP Request Header" Here's the tiny diff on HTCookie.c .. 254c254 < char * cookie_value = HTNextPair(&value); --- > char * cookie_value = HTNextField(&value); 304c304 < if (!first) HTChunk_putc(cookie_header, '; '); --- > if (!first) HTChunk_putc(cookie_header, ';'); .. so there you have it. Any chance of including this fix in the distribution? Thanks Mikel ===== Brain Off :: http://radio.weblogs.com/0100875/ __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/
Received on Friday, 21 November 2003 12:12:47 UTC