lynx-dev

Re: LYNX-DEV quote.yahoo.com, and cookies in general


From: Foteos Macrides
Subject: Re: LYNX-DEV quote.yahoo.com, and cookies in general
Date: Tue, 02 Dec 1997 14:25:42 -0500 (EST)

Matt Ackeret <address@hidden> wrote:
>> Interestingly enough, I suspect that the answer to your first problem is
   ^^^^^^^^^^^^^^^^^^^^
>> in your second question.  When you sign up for a yahoo account, you get
>> a login cookie.  Each future access to the yahoo login looks for that
>> cookie.  But since lynx doesn't currently support persistent cookies (aka
>> the cookie jar) yahoo doesn't find it, and thus sends you off to the page
>> telling you why your browser needs to support cookies.  They need to update
>> that page to indicate that your browser needs to support the SAVING of
>> cookies between sessions...
>
>Well, I just tried *creating* an account with Lynx, hoping that I could
>prove your theory.. (since if I create it, and then try to log on during the
>same session, it should work.)
>
>Well, I can't even create an account.
>
>I never get past the "Create account now" button..  (Actually I did, once,
>when I used the same name "testlynx" and password.. but I got to an error
>screen telling me the name and password were the same... basically _another_
>signup form.. )
>
>At this second signup form, at the "Create account now" submit button, 
>I get 
>Redirection of POST content. P)roceed, see U)RL, use G)ET or C)ancel
>
>and Proceed does nothing/I get back to where I started.. (in other words,
>I'm not sure if it's doing ANYTHING).
>
>G)et gets me to the same error screen as I got when I tried to _log in_ from
>lynx originally..
>
>Siiiigh..  something's strange here.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

        Interestingly enough, not a single participant in this thread
has used TRACE mode to see what Lynx reports to help you understand the
"problem" (Siiigh..  something's strange here, that even long-time
lynx-dev regulars have not yet learned to do that).

        If anyone should, messages such as this would be seen:
        
store_cookie: Rejecting domain '.yahoo.com' for host 'edit.my.yahoo.com'.


due to this code in store_cookie() of LYCookie.c:

        /*
         *  Section 4.3.2, condition 4: The request-host is a FQDN (not IP
         *  address) and has the form HD, where D is the value of the Domain
         *  attribute, and H is a string that contains one or more dots.
         */
        ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
        if (strchr(hostname, '.') < ptr) {
            if (TRACE)
                fprintf(stderr,
                        "store_cookie: Rejecting domain '%s' for host '%s'.\n",
                        co->domain, hostname);
            freeCookie(co);
            co = NULL;
            return;
        }


based on this in all of the IETF cookie drafts and RFC, e.g., from
the current draft:

[...]
4.3.2  Rejecting Cookies  To prevent possible security or privacy
violations, a user agent rejects a cookie (shall not store its
information) if any of the following is true of the attributes
explicitly present in the Set-Cookie2 response header:
[...]
   * The request-host is a HDN (not IP address) and has the form HD,
     where D is the value of the Domain attribute, and H is a string
     that contains one or more dots.
[...]
Examples:

   * A Set-Cookie2 from request-host y.x.foo.com for Domain=.foo.com
     would be rejected, because H is y.x and contains a dot.
[...]


        The H in this case is "edit.my", and contains a dot.
        
                                Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
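
The section 4.3.2 rule quoted in the message, written as a stand-alone C check. This is an added example, not part of the original message and not code from Lynx's LYCookie.c. The function name `h_has_dot` and the host `my.yahoo.com` are assumptions made for illustration, and IP-address hosts are assumed to be filtered out before the call.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>            /* strcasecmp (POSIX) */

/*
 * Hypothetical helper (not from LYCookie.c).
 * Splits host into H + D, where D is the cookie's Domain attribute.
 *   returns  1  host = HD and H contains a dot  -> reject the cookie
 *   returns  0  host = HD and H has no dot      -> this rule does not apply
 *   returns -1  host does not end in D at all   -> a separate domain-match failure
 */
int h_has_dot(const char *host, const char *domain)
{
    size_t hl = strlen(host);
    size_t dl = strlen(domain);

    if (dl == 0 || dl > hl)
        return -1;
    /* Host names compare case-insensitively. */
    if (strcasecmp(host + (hl - dl), domain) != 0)
        return -1;
    /* H is the first (hl - dl) bytes of host; look for a dot only there. */
    return memchr(host, '.', hl - dl) != NULL ? 1 : 0;
}

int main(void)
{
    /* Constructed sample inputs; the first and third pairs are the ones in the message. */
    const char *cases[][2] = {
        { "edit.my.yahoo.com", ".yahoo.com" },  /* H = "edit.my" */
        { "my.yahoo.com",      ".yahoo.com" },  /* H = "my"      */
        { "y.x.foo.com",       ".foo.com"   },  /* H = "y.x"     */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("host=%s domain=%s -> %d\n", cases[i][0], cases[i][1],
               h_has_dot(cases[i][0], cases[i][1]));
    return 0;
}
```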
