[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Cookie patch: second cut
|
From: |
Andrew Kuchling |
|
Subject: |
Re: LYNX-DEV Cookie patch: second cut |
|
Date: |
Wed, 15 Jan 1997 15:55:53 -0500 (EST) |
Comments aplenty...
Foteos Macrides wrote:
> I don't see how you're dealing with secure cookies. Is it
>via Tom's daemon?
That's just tourist information at the moment; nothing's done
with it. Cookies marked as 'secure' should only be sent over a secure
link, so the standard Lynx could just discard such cookies; future SSL
patches could then change that behaviour. I haven't yet looked at
making it aware that https:// URLs are being handled by Tom's daemon.
I've run into one snag. According to the draft, a Set-Cookie header
can be returned with any HTTP response, including 3xx. However, for
3xx responses, special-case code in HTTP.c / HTLoadHTTP() looks for
the Location header; thus, the HTTP header data is never passed to the
full header parsing in HTMIME.c, where Set-Cookie is checked for (and
there's a call to the patch). Should I just add a check for a
Set-Cookie header in the loop in HTTP.c, or would there be a neater
way to pass the headers to HTMIME.c? And in the event of a 401
(authorization required) response, will Lynx look at the complete HTTP
headers, or will a similar change be required there?
Elijah wrote:
>You are going to make this a user configurable thing right? So the
Yes, though that isn't implemented in this version.
Larry Virden wrote:
>1. While I know how to apply your cookie patch, what else needs to be
>done to use it? For instance, do I need a new -D flag?
No new -D flag is required. (Should the cookie code be made removable
at compile-time, too? Opinions in private e-mail, please...)
> What's the Python program that's included?
A simple, stupid HTTP server that automatically hands out cookies; I
used it in testing, and it's only included by mistake. Ignore it.
>I notice the src/Makefile doesn't get patched
>to include LYCookie.o - will that be added in a future patch?
Oops! Stupid error #2.
>2. As to sites which do cookies, here's a few from my netscape cookie file:
<Lengthy list deleted -- thank you!>
Experimenting with the sites on this list turns up a disturbing fact.
Many sites send the Set-Cookie header only if the browser seems to be
one that supports cookies, based on the browser's User-Agent string.
Thus, if I access www.netscape.com with Lynx 2-6FM's default of
"Lynx/2.6FM libwww-FM/2.14", no attempt is made to set a cookie; to
get a cookie one must change the User-Agent string to "Mozilla/9.06"
or some variant thereof. Hopefully as more browsers implement the
draft, such discrimination will fall out of use.
>P.S. Would lynx-cookies be compatible with netscape cookies?
I'm implementing to the HTTP State Management draft, available
at <ftp://ftp.ietf.org/internet-drafts/draft-ietf-http-state-mgmt-05.txt>.
Theoretically it's backward compatible with Netscape's cookies;
practically... well, we'll see how it works out.
Scott McGee wrote:
> Try http://www.realaudio.com.
Good one! That site broke my handling of the expires
attribute.
David Combs wrote:
>This NEWER version of your cookie patch -- newer than your
>email saying that your THEN version did NOT work
>on my.yahoo.com -- does THIS version work there? (I cannot so easily
No, not yet. I'm not sure why not; it doesn't seem to be
related to the problem with 3xx responses mentioned above, and the
site doesn't seem to rely on JavaScript.
>Anyway, if it DOES, any chance of getting Fote et all adding it to
>their soon-to-be-tested soon-beta composite version?
It probably won't be completed in time for Lynx 2.7; probably
it'll get in to the version after that.
Andrew Kuchling
address@hidden
http://www.magnet.com/~amk/
Save the Gutenberg Project! http://www.promo.net/pg/nl/pgny_nov96.html
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;