[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV quote.yahoo.com, and cookies in general
From: |
Foteos Macrides |
Subject: |
Re: LYNX-DEV quote.yahoo.com, and cookies in general |
Date: |
Tue, 02 Dec 1997 14:25:42 -0500 (EST) |
Matt Ackeret <address@hidden> wrote:
>> Interestingly enough, I suspect that the answer to your first problem is
^^^^^^^^^^^^^^^^^^^^
>> in your second question. When you sign up for a yahoo account, you get
>> a login cookie. Each future access to the yahoo login looks for that
>> cookie. But since lynx doesn't currently support persistent cookies (aka
>> the cookie jar) yahoo doesn't find it, and thus sends you off to the page
>> telling you why your browser needs to support cookies. They need to update
>> that page to indicate that your browser needs to support the SAVING of
>> cookies between sessions...
>
>Well, I just tried *creating* an account with Lynx, hoping that I could
>prove your theory.. (since if I create it, and then try to log on during the
>same session, it should work.)
>
>Well, I can't even create an account.
>
>I never get past the "Create account now" button.. (Actually I did, once,
>when I used the same name "testlynx" and password.. but I got to an error
>screen telling me the name and password were the same... basically _another_
>signup form.. )
>
>At this second signup form, at the "Create account now" submit button,
>I get
>Redirection of POST content. P)roceed, see U)RL, use G)ET or C)ancel
>
>and Proceed does nothing/I get back to where I started.. (in other words,
>I'm not sure if it's doing ANYTHING).
>
>G)et gets me to the same error screen as I got when I tried to _log in_ from
>lynx originally..
>
>Siiiigh.. something's strange here.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Interestingly enough, not a single participant in this thread
has used TRACE mode to see what Lynx reports to help you understand the
"problem" (Siiigh.. something's strange here, that even long-time
lynx-dev regulars have not yet learned to do that).
If anyone should, messages such as this would be seen:
store_cookie: Rejecting domain '.yahoo.com' for host 'edit.my.yahoo.com'.
due this code in store_cookie() of LYCookie.c:
/*
* Section 4.3.2, condition 4: The request-host is a FQDN (not IP
* address) and has the form HD, where D is the value of the Domain
* attribute, and H is a string that contains one or more dots.
*/
ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
if (strchr(hostname, '.') < ptr) {
if (TRACE)
fprintf(stderr,
"store_cookie: Rejecting domain '%s' for host '%s'.\n",
co->domain, hostname);
freeCookie(co);
co = NULL;
return;
}
based on this in all of the IETF cookie drafts and RFC, e.g., from
the current draft:
[...]
4.3.2 Rejecting Cookies To prevent possible security or privacy
violations, a user agent rejects a cookie (shall not store its
information) if any of the following is true of the attributes
explicitly present in the Set-Cookie2 response header:
[...]
* The request-host is a HDN (not IP address) and has the form HD,
where D is the value of the Domain attribute, and H is a string
that contains one or more dots.
[...]
Examples:
* A Set-Cookie2 from request-host y.x.foo.com for Domain=.foo.com
would be rejected, because H is y.x and contains a dot.
[...]
The H in this case is "edit.my", and contains a dot.
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================