Dear all, although the question seems quite straight forward I want to elaborate on this a bit more.
I'm developing software for TV receivers which support the MHEG5 interactive service (which is something comparable to HbbTV). MHEG5 is standardized by ETSI ES 202 184, which specifies the following: " 15.7.5 Cookie support Receivers shall support the use of cookies via the Cookie request header and Set Cookie response header as defined by RFC 6265 [32]. All cookies shall be stored transiently, regardless of any specified expiration date or age. [...]" In our previous products we were using "libcurl.so.4.2.0" which didn't seem to bother whether cookies were expired or not. But in the currently used versions "libcurl.so.5.3.0" it has started to silently discard expired cookies which makes it now impossible to fulfill the above requirement. I don't know how the "libcurl.so.x.y.z"-version maps to the official curl version. I therefore cannot tell from what sources my libcurl.s0.5.3.0 shared libarary originates. However, I compiled the sources of curl 7.28.0 and also got "libcurl.so.4.2.0" from that, which works as desired but makes me believe that library versions have no direct link to the curl version. And it may well be that the whole issue is just up to these "versions" and not to curl itself? The whole thing became apparent when we changed the web server. They were running different PHP versions. Only the server running PHP 5.6.3 was sending a "max-age" attribute with the cookies (see below). The other with PHP 5.3 didn't. HTTP/1.1 200 OK Date: Mon, 06 Jul 2015 15:20:35 GMT Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1f mod_wsgi/4.4.1 Python/2.7.6 PHP/5.6.3 X-Powered-By: PHP/5.6.3 Set-Cookie: expires1=expiry1; path=/ukdtt2/IC032; domain=dtgtest.org Set-Cookie: expires2=expiry2; expires=Mon, 06-Jul-2015 15:20:35 GMT; Max-Age=0; path=/ukdtt2/IC032; domain=dtgtest.org Set-Cookie: expires3=expiry3; expires=Tue, 07-Jul-2015 15:20:35 GMT; Max-Age=86400; path=/ukdtt2/IC032; domain=dtgtest.org Set-Cookie: expires4=expiry4; expires=Sun, 05-Jul-2015 15:20:35 GMT; Max-Age=-86400; path=/ukdtt2/IC032; domain=dtgtest.org Set-Cookie: expires5=expiry5; expires=Mon, 06-Jul-2015 14:20:35 GMT; Max-Age=-3600; path=/ukdtt2/IC032; domain=dtgtest.org Set-Cookie: expires6=expiry6; expires=Tue, 05-Jul-2016 15:20:35 GMT; Max-Age=31536000; path=/ukdtt2/IC032; domain=dtgtest.org Content-Length: 11 Content-Type: text/plain;charset=UTF-8 When comparing "libcurl.so.5.3.0" and "libcurl.so.4.2.0" I then found that it depends on whether the "max-age" attribute is set for a cookie or not. If it is absent cookies with an expire time will always be kept. Only if the max-age has a negative value they will be discarded. Also, even if the "expired" attribute is in the past (and no max-age is present) cookies are still kept. So it's just the negative max-age causing trouble. In other words: From the list above the cookies "expiry4" and "expiry5" are not provided to the application. I think that in general RFC 6265 permits this behavior, but why not leave it to the application? Finally, my questions are: - is this behavior a curl build configuration issue? If yes, how is it unset? - If not, is it possible to change curl, e.g. by adding a new CURL_OPTION to restore the "old" behaviour and let the application decide when to remove an expired cookie? Kind regards, Günter ---------------------- Günter Jorma Pusch Team Leader/Gruppenleiter DVB-Software Loewe Technologies GmbH Industriestr. 11 D-96317 Kronach Tel.: +49 9261 99-915 Fax: +49 9261 99-378 mailto: [email protected] visit: www.loewe.de ________________________________ Loewe steht seit ueber 90 Jahren fuer TOP-Qualitaet im Bereich Smart Home Entertainment. Der Grund dafuer ist: Made in Germany. Loewe Technologies GmbH Geschaeftsfuehrung: Mark Huesges, Dr. Boris Levin, Michael Pedersen, Christoph Schuelner Sitz der Gesellschaft: Kronach Amtsgericht Coburg: HRB 5443 Loewe Technologies GmbH Board of Management: Mark Huesges, Dr. Boris Levin, Michael Pedersen, Christoph Schuelner Location of the Company: Kronach Inferior Court Coburg: HRB 5443 ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
