Mercurial > hgrepos > Python2 > PyMuPDF
comparison mupdf-source/thirdparty/curl/docs/HTTP-COOKIES.md @ 2:b50eed0cc0ef upstream
ADD: MuPDF v1.26.7: the MuPDF source as downloaded by a default build of PyMuPDF 1.26.4.
The directory name has changed: no version number in the expanded directory now.
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Mon, 15 Sep 2025 11:43:07 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1:1d09e1dec1d9 | 2:b50eed0cc0ef |
|---|---|
| 1 # HTTP Cookies | |
| 2 | |
| 3 ## Cookie overview | |
| 4 | |
| 5 Cookies are `name=contents` pairs that a HTTP server tells the client to | |
| 6 hold and then the client sends back those to the server on subsequent | |
| 7 requests to the same domains and paths for which the cookies were set. | |
| 8 | |
| 9 Cookies are either "session cookies" which typically are forgotten when the | |
| 10 session is over which is often translated to equal when browser quits, or | |
| 11 the cookies aren't session cookies they have expiration dates after which | |
| 12 the client will throw them away. | |
| 13 | |
| 14 Cookies are set to the client with the Set-Cookie: header and are sent to | |
| 15 servers with the Cookie: header. | |
| 16 | |
| 17 For a very long time, the only spec explaining how to use cookies was the | |
| 18 original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). | |
| 19 | |
| 20 In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally | |
| 21 published and details how cookies work within HTTP. In 2016, an update which | |
| 22 added support for prefixes was | |
| 23 [proposed](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00), | |
| 24 and in 2017, another update was | |
| 25 [drafted](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01) | |
| 26 to deprecate modification of 'secure' cookies from non-secure origins. Both | |
| 27 of these drafs have been incorporated into a proposal to | |
| 28 [replace](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02) | |
| 29 RFC6265. Cookie prefixes and secure cookie modification protection has been | |
| 30 implemented by curl. | |
| 31 | |
| 32 ## Cookies saved to disk | |
| 33 | |
| 34 Netscape once created a file format for storing cookies on disk so that they | |
| 35 would survive browser restarts. curl adopted that file format to allow | |
| 36 sharing the cookies with browsers, only to see browsers move away from that | |
| 37 format. Modern browsers no longer use it, while curl still does. | |
| 38 | |
| 39 The netscape cookie file format stores one cookie per physical line in the | |
| 40 file with a bunch of associated meta data, each field separated with | |
| 41 TAB. That file is called the cookiejar in curl terminology. | |
| 42 | |
| 43 When libcurl saves a cookiejar, it creates a file header of its own in which | |
| 44 there is a URL mention that will link to the web version of this document. | |
| 45 | |
| 46 ## Cookies with curl the command line tool | |
| 47 | |
| 48 curl has a full cookie "engine" built in. If you just activate it, you can | |
| 49 have curl receive and send cookies exactly as mandated in the specs. | |
| 50 | |
| 51 Command line options: | |
| 52 | |
| 53 `-b, --cookie` | |
| 54 | |
| 55 tell curl a file to read cookies from and start the cookie engine, or if it | |
| 56 isn't a file it will pass on the given string. -b name=var works and so does | |
| 57 -b cookiefile. | |
| 58 | |
| 59 `-j, --junk-session-cookies` | |
| 60 | |
| 61 when used in combination with -b, it will skip all "session cookies" on load | |
| 62 so as to appear to start a new cookie session. | |
| 63 | |
| 64 `-c, --cookie-jar` | |
| 65 | |
| 66 tell curl to start the cookie engine and write cookies to the given file | |
| 67 after the request(s) | |
| 68 | |
| 69 ## Cookies with libcurl | |
| 70 | |
| 71 libcurl offers several ways to enable and interface the cookie engine. These | |
| 72 options are the ones provided by the native API. libcurl bindings may offer | |
| 73 access to them using other means. | |
| 74 | |
| 75 `CURLOPT_COOKIE` | |
| 76 | |
| 77 Is used when you want to specify the exact contents of a cookie header to | |
| 78 send to the server. | |
| 79 | |
| 80 `CURLOPT_COOKIEFILE` | |
| 81 | |
| 82 Tell libcurl to activate the cookie engine, and to read the initial set of | |
| 83 cookies from the given file. Read-only. | |
| 84 | |
| 85 `CURLOPT_COOKIEJAR` | |
| 86 | |
| 87 Tell libcurl to activate the cookie engine, and when the easy handle is | |
| 88 closed save all known cookies to the given cookiejar file. Write-only. | |
| 89 | |
| 90 `CURLOPT_COOKIELIST` | |
| 91 | |
| 92 Provide detailed information about a single cookie to add to the internal | |
| 93 storage of cookies. Pass in the cookie as a HTTP header with all the details | |
| 94 set, or pass in a line from a netscape cookie file. This option can also be | |
| 95 used to flush the cookies etc. | |
| 96 | |
| 97 `CURLINFO_COOKIELIST` | |
| 98 | |
| 99 Extract cookie information from the internal cookie storage as a linked | |
| 100 list. | |
| 101 | |
| 102 ## Cookies with javascript | |
| 103 | |
| 104 These days a lot of the web is built up by javascript. The webbrowser loads | |
| 105 complete programs that render the page you see. These javascript programs | |
| 106 can also set and access cookies. | |
| 107 | |
| 108 Since curl and libcurl are plain HTTP clients without any knowledge of or | |
| 109 capability to handle javascript, such cookies will not be detected or used. | |
| 110 | |
| 111 Often, if you want to mimic what a browser does on such web sites, you can | |
| 112 record web browser HTTP traffic when using such a site and then repeat the | |
| 113 cookie operations using curl or libcurl. |