[Cross-posted from lib-curl mailing list]

I have a single threaded app (MSVC C++ 2005) build against a static LIBCURL 7.19.4

A test application connects to an in house server & performs a bespoke authentication process that includes posting a couple of forms, and when this succeeds creates a new resource (POST) and then updates the resource (PUT) using If-Match.

I only use a single connection to libcurl (i.e. only one CURL*)

The cookie engine is enabled from the start using curl_easy_setopt(CURLOPT_COOKIEFILE, "")

The cookie cache is cleared at the end of the authentication process using curl_easy_setopt(CURLOPT_COOKIELIST, "SESS"). This is required by the authentication process.

The next call, which completes a successful authentication, results in a couple of security cookies being returned from the server - they have no expiry date set.

The server (and I) expect the security cookies to then be sent with all subsequent requests to the server. The problem is that sometimes they are sent and sometimes they aren't.

I'm not a CURL expert, so I'm probably doing something wrong, but I can't figure out what. Running the test app in a loop results shows a random distribution of correct cookie handling.

As a workaround I've disabled the cookie engine and am doing basic manual cookie handling. Like this it works as expected, but I'd prefer to use the library if possible.

Does anyone have any ideas?

Thanks Seb