curl/tests/data/test27
Daniel Stenberg 7f7fcd0d75 cookies: first n/v pair in Set-Cookie: is the cookie, then parameters
RFC 6265 section 4.1.1 spells out that the first name/value pair in the
header is the actual cookie name and content, while the following are
the parameters.

libcurl previously had a more liberal approach which causes significant
problems when introducing new cookie parameters, like the suggested new
cookie priority draft.

The previous logic read all n/v pairs from left-to-right and the first
name used that wassn't a known parameter name would be used as the
cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
a cookie named 'person' while an RFC 6265 compliant parser should
consider that to be a cookie named 'Max-Age' with an (unknown) parameter
'person'.

Fixes #709
2016-03-10 11:26:12 +01:00

57 lines
809 B
Plaintext

<testcase>
<info>
<keywords>
HTTP
HTTP GET
cookies
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 200 Mooo swsclose
Connection: close
Set-Cookie: thewinneris=nowayyouwin; path=/;
Content-Length: 8
*flopp*
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
Get same cookie page several times
</name>
<command>
"http://%HOSTIP:%HTTPPORT/want/{27,27,27}" -b none
</command>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent: curl.*
</strip>
<protocol>
GET /want/27 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /want/27 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
Cookie: thewinneris=nowayyouwin
GET /want/27 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
Cookie: thewinneris=nowayyouwin
</protocol>
</verify>
</testcase>