Discussion:
getting/setting cookies
Daniel Stenberg
2004-12-17 10:22:20 UTC
Permalink
Hi

I have this suggestion on a simple get/set cookies interface for addition to
libcurl:

curl_easy_getinfo() - CURLINFO_COOKIELIST to get a curl_slist with all known
cookies (netscape/mozilla cookie file formatted)

curl_easy_setopt() - CURLOPT_COOKIELIST to set a list of cookies (using the
same format as above or HTTP-header style - both are supported)

To remove a cookie that libcurl already knows about, you simply set it with no
contents, or you set it with an expired time.

I'm not sure how to clear all known cookies easily, or even if that is a
desired feature.

Opinions? Thoughts? Other ideas?

This is much simpler than our previous cookie API discussions, but I think
simplicity is to prefer here.
--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
Linus Nielsen Feltzing
2004-12-17 13:08:12 UTC
Permalink
Post by Daniel Stenberg
curl_easy_getinfo() - CURLINFO_COOKIELIST to get a curl_slist with all
known cookies (netscape/mozilla cookie file formatted)
curl_easy_setopt() - CURLOPT_COOKIELIST to set a list of cookies (using
the same format as above or HTTP-header style - both are supported)
I'd also like a way to get a single cookie by name.
Post by Daniel Stenberg
To remove a cookie that libcurl already knows about, you simply set it
with no contents, or you set it with an expired time.
I'm not sure about the "expired" method, because I want to be able to
change a cookie value without having to change the expire date, which
could be invalid when the cookie was received (like on AOL, where the
expire date is set by a javascript function).

Linus
Wei Weng
2004-12-17 15:55:20 UTC
Permalink
Post by Daniel Stenberg
curl_easy_getinfo() - CURLINFO_COOKIELIST to get a curl_slist with all
known cookies (netscape/mozilla cookie file formatted)
curl_easy_setopt() - CURLOPT_COOKIELIST to set a list of cookies
(using the same format as above or HTTP-header style - both are
supported)
I'd also like a way to get a single cookie by name.\
That can be done by iterating through the curl_slist? I don't think we
should complicate the API by adding on all the bells and whistles.


Wei
Daniel Stenberg
2004-12-18 10:53:25 UTC
Permalink
Post by Linus Nielsen Feltzing
I'd also like a way to get a single cookie by name.
I just think the API turned out quite complicated when starting to think in
those terms. Or do you have any suggestion on how it would work?
Post by Linus Nielsen Feltzing
I'm not sure about the "expired" method, because I want to be able to change
a cookie value without having to change the expire date
With my suggested method, you'd just clone the whole string with the cookie
data libcurl returned to you, then you'd replace the contents in the string
with your own set and send back that whole string to libcurl.
Post by Linus Nielsen Feltzing
which could be invalid when the cookie was received (like on AOL, where the
expire date is set by a javascript function).
libcurl currently keep all cookies in memory, including expired ones. The
expired ones are just never sent to any server.

Thinking about it, this behaviour may need to be changed in the future.
--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
Guillaume Arluison
2004-12-17 14:56:30 UTC
Permalink
That would be indeed really nice.

For the moment I'm dealing with the cookie files and editing them
on-the-fly. (delete/set a row)
A memory version will be obviously more interesting !
Post by Daniel Stenberg
To remove a cookie that libcurl already knows about, you simply set
it with no contents,
As usual in php..., it's fine yes.
Post by Daniel Stenberg
I'm not sure how to clear all known cookies easily, or even if that is
a desired feature.
Why not using the curl_easy_setopt CURLOPT_COOKIELIST with a NULL value
? Or do you think it may be confusing with "no-op" ?

For the use of curl_easy_setopt CURLOPT_COOKIELIST (said with the same
format as cur_easy_getinfo) you meant only the cookies that are in the
curl_slist provided will now be used OR (preferably for me) the cookies
already retrieved that are in the list are modified and the others kept
as is ? That may sounds obvious but that's nice to say it in the future doc.

G.
Post by Daniel Stenberg
Hi
I have this suggestion on a simple get/set cookies interface for
curl_easy_getinfo() - CURLINFO_COOKIELIST to get a curl_slist with all
known cookies (netscape/mozilla cookie file formatted)
curl_easy_setopt() - CURLOPT_COOKIELIST to set a list of cookies
(using the same format as above or HTTP-header style - both are
supported)
To remove a cookie that libcurl already knows about, you simply set it
with no contents, or you set it with an expired time.
I'm not sure how to clear all known cookies easily, or even if that is
a desired feature.
Opinions? Thoughts? Other ideas?
This is much simpler than our previous cookie API discussions, but I
think simplicity is to prefer here.
Maurice Barnum
2004-12-18 06:09:26 UTC
Permalink
Post by Daniel Stenberg
Hi
I have this suggestion on a simple get/set cookies interface for addition to
curl_easy_getinfo() - CURLINFO_COOKIELIST to get a curl_slist with all known
cookies (netscape/mozilla cookie file formatted)
curl_easy_setopt() - CURLOPT_COOKIELIST to set a list of cookies (using the
same format as above or HTTP-header style - both are supported)
in my project, i want to get or set the cookies that matches the
session's host. i hacked up support to do that (fetched the cookie
list with Curl_cookie_getlist, and then formatted using the
HTTP-header style).

using this proposed interface, if i wanted to get or set the cookies
that match only the configured CURLOPT_URL, it looks like i'd need to
replicate the cookie matching code in Curl_cookie_getlist?

it would be very nice if the library would let me retrieve either
"matching" cookies or all of them. the first idea that jumps to
my mind isn't a very good one: if CURLOPT_URL is set, filter the
cookies based upon the url, otherwise return all of them. i'm not
aware of any curl_easy_getinfo or curl_easy_setopt methods that
are "modal" in that way.
Post by Daniel Stenberg
To remove a cookie that libcurl already knows about, you simply set it with no
contents, or you set it with an expired time.
I'm not sure how to clear all known cookies easily, or even if that is a
desired feature.
what about passing NULL to curl_easy_setopt/CURLOPT_COOKIELIST?
similarly, removing and modifying cookies could be done by
getting the cookie list and then setting the modified one.

...
Post by Daniel Stenberg
This is much simpler than our previous cookie API discussions, but I think
simplicity is to prefer here.
i like simple. for my project i needed to retrieve the cookies
that match the current url. since i didn't want to worry about
merge issues i didn't define a new CURLINFO_ param. instead i
implemented this:

/**
* Return a list of cookies for the configured connection or NULL
* if there are no cookies that match this request.
*
* @param complete if non-zero, format all of the cookie attributes
* that are known. otherwise, only the name=value
* pair will be returned.
*/
struct curl_slist *curl_ext_get_cookies(CURL *, int complete);

the "complete" parameter is silly; i'll remove it if i keep this
function around after upgrading to later versions of curl.
Daniel Stenberg
2004-12-19 14:42:03 UTC
Permalink
in my project, i want to get or set the cookies that matches the session's
host.
Host and path I presume? And the secure option too? And acknowledging the
expiration times?
using this proposed interface, if i wanted to get or set the cookies that
match only the configured CURLOPT_URL, it looks like i'd need to replicate
the cookie matching code in Curl_cookie_getlist?
Yes. While that is unfortunate, I expect most people don't have this advanced
need.

Of course, if we can come up with a simple and easy API that provides this
functionality as well, I don't mind having it!
it would be very nice if the library would let me retrieve either "matching"
cookies or all of them. the first idea that jumps to my mind isn't a very
good one: if CURLOPT_URL is set, filter the cookies based upon the url,
otherwise return all of them. i'm not aware of any curl_easy_getinfo or
curl_easy_setopt methods that are "modal" in that way.
It would make a very obscure API and I can think of several quirks already
that would make it really hard to use. Let's not go that path.

If we want this advanced approach, we should go with a separate function that
returns matching cookies (where no expression would match all). If so, we
should probably also return a linked list of structs with separate fields for
name, contents, expire time etc instead of plain strings in netscape cookie
file format.

The thing is, that then we are again approaching the more complicated API
previously discussed and that never happened I think mainly because it got too
complicated. See http://curl.haxx.se/dev/COOKIES
Post by Daniel Stenberg
I'm not sure how to clear all known cookies easily, or even if that is a
desired feature.
what about passing NULL to curl_easy_setopt/CURLOPT_COOKIELIST?
Nah, I think passing a NULL to an option like that would mean "don't provide
any cookies" so that apps can easily always use the option, just pass the
correct parameter to it. (Many other options work that way today.)
i like simple. for my project i needed to retrieve the cookies that match
the current url.
struct curl_slist *curl_ext_get_cookies(CURL *, int complete);
If 'int complete' was instead changed to be a 'char *URL' and passing a NULL
instead of URL would return all cookies we would be moving forwards.

But what about expired cookies?

And if we provide this separate function, wouldn't it make more sense to
return a linked list of:

struct curl_cookie {
struct curl_cookie *next; /* if non-NULL, points to the next cookie */
unsigned char *name;
unsigned char *value;
unsigned char *domain; /* or NULL */
unsigned char *path; /* or NULL */
bool secure;
time_t expires; /* 0 means "session-cookie" */
};

... and simplicity is... gone!?
--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
Hardeep Nagi
2004-12-30 13:02:38 UTC
Permalink
I want to share cookie for different easy handles. So I have made a global share handle for CURL_LOCK_DATA_COOKIE .

But when I set proxy for that handle, cookies is not shared among the handles. Otherwise without setting the proxy , cookies are shared !

Is the combination sharing cookies and setting proxy some buggy !!

Please let me know, m just finding no way out !





---------------------------------
Do you Yahoo!?
The all-new My Yahoo! – Get yours free!
Daniel Stenberg
2005-01-02 12:23:28 UTC
Permalink
On Thu, 30 Dec 2004, Hardeep Nagi wrote:

Please don't start a new thread by replying to an existing mail. It messes up
threading in mail clients and web archives.
Post by Hardeep Nagi
I want to share cookie for different easy handles. So I have made a global
share handle for CURL_LOCK_DATA_COOKIE .
But when I set proxy for that handle, cookies is not shared among the
handles. Otherwise without setting the proxy , cookies are shared !
Are you possibly using an older libcurl with a bug in the cookie with proxy
code?

--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html
Hardeep Nagi
2005-01-06 04:38:05 UTC
Permalink
Yes, That was the buggy version I was using.
Now my things are working fine. This bug existed in the version I was using curl-7.12.1 whereas the latest version doesnt hav this bug , curl - 7.12.3
Thanks a lot.

Daniel Stenberg <daniel-***@haxx.se> wrote:
On Thu, 30 Dec 2004, Hardeep Nagi wrote:

Please don't start a new thread by replying to an existing mail. It messes up
threading in mail clients and web archives.
Post by Hardeep Nagi
I want to share cookie for different easy handles. So I have made a global
share handle for CURL_LOCK_DATA_COOKIE .
But when I set proxy for that handle, cookies is not shared among the
handles. Otherwise without setting the proxy , cookies are shared !
Are you possibly using an older libcurl with a bug in the cookie with proxy
code?

--
Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
Dedicated custom curl help for hire: http://haxx.se/curl.html


---------------------------------
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.

Continue reading on narkive:
Loading...