-#include <config.h>
-#include "types.h"
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <locale.h>
-#include <string.h>
-#include <stdarg.h>
-
-#include "client.h"
-#include "sink.h"
-#include "hash.h"
-#include "mem.h"
-#include "log.h"
-#include "configuration.h"
-#include "disorder.h"
-#include "api-client.h"
-#include "mime.h"
-#include "printf.h"
-#include "url.h"
-#include "macros.h"
-#include "macros-disorder.h"
-#include "cgi.h"
-#include "actions.h"
-#include "defs.h"
-
-/** @brief Return true if @p a is better than @p b
- *
- * NB. We don't bother checking if the path is right, we merely check for the
- * longest path. This isn't a security hole: if the browser wants to send us
- * bad cookies it's quite capable of sending just the right path anyway. The
- * point of choosing the longest path is to avoid using a cookie set by another
- * CGI script which shares a path prefix with us, which would allow it to
- * maliciously log users out.
- *
- * Such a script could still "maliciously" log someone in, if it had acquired a
- * suitable cookie. But it could just log in directly if it had that, so there
- * is no obvious vulnerability here either.
- */
-static int better_cookie(const struct cookie *a, const struct cookie *b) {
- if(a->path && b->path)
- /* If both have a path then the one with the longest path is best */
- return strlen(a->path) > strlen(b->path);
- else if(a->path)
- /* If only @p a has a path then it is better */
- return 1;
- else
- /* If neither have a path, or if only @p b has a path, then @p b is
- * better */
- return 0;
-}