This is from UserAgent::request (LWP 5.76) where it is dealing with a
redirect response
# These headers should never be forwarded
$referral->remove_header('Host', 'Cookie');
I've found that while writing a script to automate logging on to Yahoo Web
mail, I've needed to change this behaviour in a private copy of
UserAgent::request to retain the Cookies. FYI, logging onto Yahoo involves
dealing with a series of 302 responses. The first of these responses (from
http://login.yahoo.com), is a 302 that redirects back to itself - this
response has a Set-Cookie header that is needed to be applied to the
redirection request to continue with the login.
Apart from the fact that this behaviour is being used in the wild, my
reading of RFC 2109 is that this use of a Set-Cookie is ok because the
domain attribute in the Cookie still refers to ".yahoo.com".
Anyway, it is something to consider if this code is ever revisited.
Paul
