Description: ------------ When I use the library to access yahoo's domain hk.auctions.yahoo.com, the page set a cookie for bid.yahoo.com but it is not allowed even though they're both under yahoo.com It throw this exception: - Error: Domain hk.auctions.yahoo.com cannot set cookies for bid.yahoo.com However, from the IE or Firefox browser this behavior seems to be ok, maybe the library should update to match the browser behavior or has an option to allow turn on/off this strict checking? Thanks!

please provide more detail, e.g. some example code that demonstrates your issue. not checking domains would require you to do the checks your own. if you report with the browsers only how they feel when used, it's probably a different domain given in the concrete cookie? otherwise checks with publicsuffix.org must be done for cookie domain validation if you'd like to mimic browser behavior.

All cookie specifications require tail matching, so hk.auctions.yahoo.com can set cookies for hk.auctions.yahoo.com, .auctions.yahoo.com, .yahoo.com (but not .com). I highly doubt that browsers will accept cookie for bid.yahoo.com from hk.auctions.yahoo.com, but I'll try consulting Chrome's or Mozilla's source just in case.

OK, here are the docs for Chromium's CookieMonster: https://www.chromium.org/developers/design-documents/network-stack/cookiemonster The relevant part: > The domain of the cookie must be a suffix of the domain from which the response was received. So Chrome will not accept a cookie for for bid.yahoo.com from hk.auctions.yahoo.com after all. Of course it does not show any exception either. So reclassifying this a feature request to be able to silently ignore invalid cookies, see also request #19937

Implemented in Git: https://github.com/pear/HTTP_Request2/commit/ff4c09ef4c939c98fe1fda0f011226dcbeeba19e The CookieJar class now has an ignoreInvalidCookies() knob, setting it to true will prevent throwing exceptions for invalid cookies.