On 10 May 2002, Gisle Aas wrote: > "John J. Lee" <[EMAIL PROTECTED]> writes: > > > On 10 May 2002, Gisle Aas wrote: [...] > In &LWP::UserAgent::request cookies are cleared on redirect.
I only had a quick look, but that seems too restrictive. RFC 2965 (as you quote below) only requires not setting or returning cookies when the host differs from the original one (well, not exactly: there are precise rules given, of course). [...] > I see, Now I understand your point of view. What are the RFC 2965 > rules you want it to enforce? Is it this one: > > | When it makes an unverifiable transaction, a user agent MUST disable > | all cookie processing (i.e., MUST NOT send cookies, and MUST NOT > | accept any received cookies) if the transaction is to a third-party > | host. 'unverifiable' is their code for 'not matching the original host', IIRC -- AFAICT, the current code clears all incoming cookies regardless of the new host (and, I presume, prevents old cookies from being sent out). John
