On Wed, 5 Nov 2003, Hrvoje Niksic wrote:
> Good point, although I somewhat disagree about the "plain wrong" part. From
> what I gather, the `cookies.txt' file to which Wget and curl dump their
> cookies is meant to hold permanent cookies. Putting session cookies inside
> might confuse other browsers.
Not necessarily, since they are stored without any expire time (using zero)
and ordinary "non-session" cookies always have a number different than zero in
that field.
But sure, they might still confuse a browser that reads the file. I've never
considered that a problem and I've never got any problems with that behavior
reported. I believe very few people actually try that stunt.
> That notwithstanding, another problem is that, since session cookies have no
> expiry time, saving them by default would make them effectively immortal,
> which sounds quite wrong to me. I may be missing curl-specific details,
> though.
Yes, it makes them immortal and lets the user decide when the "session" ends
(by using the correct option). There is no one but the user who can tell when
one session ends and another starts. In most cases, people will make a fresh
cookie file each time they start a new session and then just keep session
cookies around until they're done for this time. (Based on what I've done
myself and seen others do with automated curl operations using cookies.)
> Hmm. Wget will not ignore session cookies at load-time (any more),
> regardless of options. `--keep-session-cookies' causes it not to discard
> them at save time.
Right, but then again people who use wget are more likely (I'm guessing here)
to use one single wget command line and consider that to be the full session.
In curl's case, when using cookies you will very often enter multiple command
lines to sort out a single session's business.
--
-=- Daniel Stenberg -=- http://daniel.haxx.se -=-
ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
