cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524
2026-04-15 01:01:41 +03:00 · 2018-08-28 11:28:50 +02:00 · 2018-08-28 11:28:50 +02:00 · e2ef8d6fa1
commit e2ef8d6fa1
parent b842fa3110
12 changed files with 120 additions and 82 deletions
--- a/lib/cookie.h
+++ b/lib/cookie.h
@ -34,7 +34,7 @@ struct Cookie {
  char *domain;      /* domain = <this> */
  curl_off_t expires;  /* expires = <this> */
  char *expirestr;   /* the plain text version */
-  bool tailmatch;    /* weather we do tail-matchning of the domain name */
+  bool tailmatch;    /* whether we do tail-matching of the domain name */

  /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
  char *version;     /* Version = <value> */
@ -43,6 +43,7 @@ struct Cookie {
  bool secure;       /* whether the 'secure' keyword was used */
  bool livecookie;   /* updated from a server, not a stored file */
  bool httponly;     /* true if the httponly directive is present */
+  int creationtime;  /* time when the cookie was written */
 };

 #define COOKIE_HASH_SIZE 256
@ -55,6 +56,7 @@ struct CookieInfo {
  bool running;    /* state info, for cookie adding information */
  long numcookies; /* number of cookies in the "jar" */
  bool newsession; /* new session, discard session cookies on load */
+  int lastct;      /* last creation-time used in the jar */
 };

 /* This is the maximum line length we accept for a cookie line. RFC 2109