[Bug-wget] wget bug re cookies

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] wget bug re cookies

From:	David Oppenheim
Subject:	[Bug-wget] wget bug re cookies
Date:	Tue, 13 Sep 2016 23:46:39 +1000 (EST)

wget has long had a problem with cookies - it does not handle
them the same as browsers. As a consequence it is often not usable
in sites with session logins other than very simple logins,
for example SiteMinder controlled web sites.

Specifically, wget treats a received cookie that does not include 
an explicit domain as having a domain of the host (good) but 
requiring an exact match before that cookie is sent in later replies 
(bad - not like browsers).

So a cookie from foo.com that doesn't set the domain will only
be sent by wget back to foo.com, not to xx.foo.com

This follows RFC 6265 (see section 4.1.2.3).  But is not the way
today's browsers work.

The issue is simply fixed in cookies.c by removing one line :

  /* Sanitize parts of cookie. */

  if (!cookie->domain)
    {
      cookie->domain = xstrdup (host);
  ////      cookie->domain_exact = 1;   // This code obeys RFC 6265 but is not 
the way real browsers behave


I'm happy to discuss further if you're interested.

I think this change would make wget immensely more useful (and
it's very useful already, thanks !)

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] wget bug re cookies, David Oppenheim <=
- Re: [Bug-wget] wget bug re cookies, Tim Ruehsen, 2016/09/13

Prev by Date: [Bug-wget] WordPress downloaded site
Next by Date: Re: [Bug-wget] [PATCH 09/25] Enforce Metalink file name verification, strip directory if necessary
Previous by thread: [Bug-wget] WordPress downloaded site
Next by thread: Re: [Bug-wget] wget bug re cookies
Index(es):
- Date
- Thread