On Sun, Nov 7, 2010 at 18:49, Bill Moseley <mose...@hank.org> wrote:
> On a redirect:
>
> # These headers should never be forwarded
> $referral->remove_header('Host', 'Cookie');
>
> Should the cookie always be removed?  Or only if the redirect is to a
> different domain?

If the original cookie was set from a $ua->cookie_jar, then a new
request to the same domain will get the proper cookies set as well.
The problem is cases where no $ua->cookie_jar is set and the "user"
has set the cookie in the request manually.  I still think it's better
for LWP not to forward the cookie.  Cookies can be restricted to
certain paths, certain sub-domains or only to secure sites and LWP has
no way to determine this without knowing the Set-Cookie parameters.  I
think it's better for the driving code to have to handle this if they
intend the cookie to be forwarded.

> I noticed that wget does not remove the cookie (at least when redirecting to
> same domain).

Can you figure out more about the rules that wget follows?

--Gisle
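
The scoping point made in the reply above, as an added example that is not part of the original thread and is not LWP's own code: once the cookie lives in an HTTP::Cookies jar with its domain, path and secure attributes, the jar can decide per redirect target whether to reattach it after the header has been stripped. Host names, paths, the cookie value and the helper name `cookie_for_redirect` are constructed for illustration.

```perl
use strict;
use warnings;
use HTTP::Cookies;
use HTTP::Request;

# Constructed sample data: host names, paths and the cookie value are made up.
my $jar = HTTP::Cookies->new;
$jar->set_cookie(
    0,                  # version (Netscape-style cookie)
    'session',          # name
    'abc123',           # value
    '/account',         # path the cookie is restricted to
    'www.example.com',  # domain (host-only)
    undef,              # port: any
    1,                  # path was given explicitly
    1,                  # secure: https only
    3600,               # max-age in seconds
    0,                  # discard
);

# Hypothetical helper: returns the Cookie header the jar attaches for a
# redirect target, or undef when the cookie is out of scope there.
sub cookie_for_redirect {
    my ($original, $location) = @_;
    my $referral = $original->clone;
    $referral->uri($location);
    # Same step LWP takes on a redirect: drop whatever the caller sent.
    $referral->remove_header('Host', 'Cookie');
    # The jar knows domain, path and secure flag, so it can decide.
    $jar->add_cookie_header($referral);
    return $referral->header('Cookie');
}

my $original = HTTP::Request->new(GET => 'https://www.example.com/account/login');
$jar->add_cookie_header($original);

for my $location (
    'https://www.example.com/account/settings',  # same host, path and scheme
    'http://www.example.com/account/settings',   # downgraded to plain http
    'https://www.example.com/public/',           # outside the cookie path
    'https://other.example.net/account/',        # different domain
) {
    my $cookie = cookie_for_redirect($original, $location);
    printf "%-45s %s\n", $location,
        defined $cookie ? "Cookie: $cookie" : 'no cookie sent';
}
```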
