Enhance cookie jar implementation with comprehensive RFC 6265 support

This commit adds missing cookie handling cases to improve RFC 6265 compliance:

Cookie Expiration:
- Add expiration checking for both Expires and Max-Age attributes
- Max-Age takes precedence over Expires per RFC 6265
- Automatic removal of expired cookies when processing responses
- Store creation_time for accurate Max-Age calculation

Cookie Management:
- Update/replace existing cookies with same name, domain, and path
- Prevent duplicate cookie entries in the jar
- Consolidate multiple cookies into single Cookie header when sending

Domain Handling:
- Add domain validation to prevent servers from setting cookies for unrelated domains
- Case-insensitive domain matching per RFC 6265
- Handle leading dots in Domain attribute (strip per RFC 6265 Section 5.2.3)
- Subdomain matching for cookies without exact_domain flag

Path Handling:
- Implement RFC 6265 Section 5.1.4 default path computation
- Use request path minus last component when Path attribute not specified
- Fallback to "/" for edge cases

Parser Improvements:
- Add SameSite attribute support (None, Lax, Strict)
- Gracefully ignore unknown/extension cookie attributes instead of failing
- Forward compatibility with future cookie attributes

Other:
- Add time.h include for time() and time_t
- Add http_date_to_time() helper for expiration comparison
- Add is_cookie_expired() helper for expiration checks
- Add compute_default_cookie_path() per RFC 6265
This commit is contained in:
Claude
2025-11-27 09:04:10 +00:00
parent 1ef6187b2d
commit ddae5e721f
7 changed files with 436 additions and 52 deletions
+17
View File
@@ -13,6 +13,7 @@
#include <stdbool.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
@@ -257,6 +258,12 @@ typedef struct {
int second;
} HTTP_Date;
typedef enum {
HTTP_SAMESITE_NONE,
HTTP_SAMESITE_LAX,
HTTP_SAMESITE_STRICT,
} HTTP_SameSite;
typedef struct {
HTTP_String name;
HTTP_String value;
@@ -275,6 +282,9 @@ typedef struct {
bool have_path;
HTTP_String path;
bool have_samesite;
HTTP_SameSite samesite;
} HTTP_SetCookie;
// Parses a Set-Cookie header value
@@ -875,6 +885,13 @@ typedef struct {
// This cookie can only be sent over HTTPS
bool secure;
// Expiration information
bool have_expires;
HTTP_Date expires;
bool have_max_age;
uint32_t max_age;
time_t creation_time; // Unix timestamp when cookie was created
} HTTP_CookieJarEntry;
typedef struct {