Agreed! After some more digging the cookie is definitely not sent in the torrent GET request which is why things go wrong.
GET /download.php/…/NAME.torrent HTTP/1.1
User-Agent: Sonarr/2.0.0.3004 (Linux 3.13)
Accept: application/x-bittorrent
Content-Length: 0
Connection: close
Host: www.bitmetv.org
Accept-Encoding: gzip
And that’s it - but it does go out with the rss.php request.
The cookie I use (copied from real req) in is is of the form: _cfduid=X; PHPSESSID=X; uid=X; pass=X; LAST_BROWSE=X
Any ideas why it wouldn’t be sent?