[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Re: Gimmie a Cookie
|
From: |
Benjamin C. W. Sittler |
|
Subject: |
Re: LYNX-DEV Re: Gimmie a Cookie |
|
Date: |
Tue, 3 Dec 1996 19:40:57 -0700 (MST) |
On Tue, 3 Dec 1996, Hiram Lester, Jr. wrote:
> Have you guys actually read the draft that Fote posted the URL to when he
> implemented the recognition of the Set-Cookie: header? If not, the url is
> listed in the changes file. Read it... the whole thing... :) I can tell
> Wayne has looked at it. :) It addresses these issues...
I assume you are referring to the "HTTP State Management Mechanism" draft
[1], in which case the answer is yes. I think Lynx should implement it
fully (assuming it even handles cookies.)
[snip!]
> On Tue, 3 Dec 1996, Scott McGee (Personal) wrote:
> > If anyone DOES hack in cookie support, let me make a request. First, don't
> > forget to provide something like NS does to inform you of a cookie attempt.
> > Then, if someone wants to set a cookie, provide a further option to let them
> > set the cookie and then immediatly delete it. Why? I hate it when a site
> > wants
> > to set cookies with LOTS of unknown data in them, and will refuse me access
> > if
> > I decline.
> >
> > Maybe we could even have options to only keep cookies for the current
> > session.
> On Tue, 3 Dec 1996, Benjamin C. W. Sittler wrote:
> > ... or perhaps a cookie editor, where you can mark a bunch of cookies
> > (like DIRED mode) and then remove all of them. The same editor could be
> > used to inspect their contents, zones, and lifetimes.
> >
> > Just an idea.
> Ok, read the draft. It covers these issues of security very well. One of
> the two main authors of the draft in Lou Montoulli who was one of the
> primary people in early Lynx development before he went to Netscape.
> Netscape's alerting you to cookies in 3.0+ is their attempt at BEGINNING
> to apply the standards mentioned in the draft. If cookie support is put
> into Lynx, it should not be a "hack", but should be implemented properly
> according the the draft which would entail all of the stuff mentioned
> above in addition to complete disabling of cookies if the user so desires.
> (It might even default to disabled unless you explicitly enabled it.) The
> draft specifies that the user should have complete control over which
> cookies are sent and received including editing/deleting cookies, etc. If
> you're really interested in this, read Netscape's unofficial standard
> (look in a Netscape cookies.txt file for the URL) and the draft mentioned
> above (look in the Lynx CHANGES file for the URL or follow the link in the
> HTML'ized CHANGES file on my site). :)
Yes, I am aware of the cookie-management proposed in the draft, I was just
hoping to have the user interface for it be consistent with the existing
part of Lynx which seems most similar, namely DIRED. I was thinking of
something along the lines of a cookie folder that would let me mark an
arbitrary number of the cookies, and do things like view, delete, mark as
ageless (i.e. not thrown out to make room for new cookies except as a last
resort), and download to a disk file (especially useful when you don't
like annoying dialogs asking you whether to save any cookies when you
exit), create (or, alternatively, "upload" from disk to cookie folder),
and edit.
[1] HTTP State Management Mechanism
http://204.178.16.7/~dmk/cookie.txt
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;