"Paul Marquess" <[EMAIL PROTECTED]> writes:
> This is from UserAgent::request (LWP 5.76) where it is dealing with a
> redirect response
>
> # These headers should never be forwarded
> $referral->remove_header('Host', 'Cookie');
>
> I've found that while writing a script to automate logging on to Yahoo Web
> mail, I've needed to change this behaviour in a private copy of
> UserAgent::request to retain the Cookies.
The reason the Cookie headers are removed is that they will be added
automatically again if the redirect goes to a place that requires
cookies. This happens even if the redirect goes to the same place as
the original request.
> FYI, logging onto Yahoo involves
> dealing with a series of 302 responses. The first of these responses (from
> http://login.yahoo.com), is a 302 that redirects back to itself - this
> response has a Set-Cookie header that is needed to be applied to the
> redirection request to continue with the login.
That should just work. If it does not it is a bug.
> Apart from the fact that this behaviour is being used in the wild, my
> reading of RFC 2109 is that this use of a Set-Cookie is ok because the
> domain attribute in the Cookie still refers to ".yahoo.com".
Can you provide a trace of sequence of request/responses that are
exchanged and the content of the cookie_jar as this happens.
Regards,
Gisle
