On Tue, 18 Aug 2015, [email protected] wrote:
I'm developing software for TV receivers which support the MHEG5 interactive service (which is something comparable to HbbTV). MHEG5 is standardized by ETSI ES 202 184, which specifies the following: " 15.7.5 Cookie support Receivers shall support the use of cookies via the Cookie request header and Set Cookie response header as defined by RFC 6265 [32]. All cookies shall be stored transiently, regardless of any specified expiration date or age. [...]"
I think this is the key. You want the cookies to be stored "regardless of any specified expiration date" and libcurl actually expires out of date cookies since cookies have an expiry time... The expiration of cookies was added in 7.33.0.
I don't know how the "libcurl.so.x.y.z"-version maps to the official curl version.
We can't tell either for sure, but curl_version() and curl_version_info() will tell you exactly.
I think that in general RFC 6265 permits this behavior, but why not leave it to the application?
RFC 6265 says "max-age" takes precedence over "expires" and it says "If delta-seconds is less than or equal to zero (0), let expiry-time be the earliest representable date and time."
I would of course strongly advice against sending both as it is confusing to everyone.
I don't see how the RFC says that we must store expired cookies anywhere. What section are you referring to?
- If not, is it possible to change curl, e.g. by adding a new CURL_OPTION to restore the "old" behaviour and let the application decide when to remove an expired cookie?
I could be persuaded to support such an option, but I would like some more clarifcations!
What is the actual use for outdated cookies? Why does the server expire the cookies if you need them (and can use them) after they're expired?
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
