lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev tvgen cookie problem

From: brian j. pardy
Subject: Re: lynx-dev tvgen cookie problem
Date: Sun, 11 Oct 1998 12:08:54 -0700 
David Woolley wrote:
> > 
> > The  problem of accessing the tvgen website has still not been resolved.
> > Could someone familiar with cookie handling please take a look? -- or direct
> > me to documentation on cookies so I can pursue it myself?
> 
> RFC 2109
> 
> > Someone (I can't remember who) suggested that the problem might be
> > that lynx is presenting cookies to the server in reverse order.
> > Someone else suggested there might be a spurious newline in the cookie
> > file (buffer overflow). Still others suggested the site is broken.
> 
> If presenting them in reverse order, causes a problem, it would imply
> that the site was broken, not Lynx:
> 
>    If multiple cookies satisfy the criteria above, they are ordered in
>    the Cookie header such that those with more specific Path attributes
>    precede those with less specific.  Ordering with respect to other
>    attributes (e.g., Domain) is unspecified.
> 
> i.e. order of arrival is not a condition and there are conditions which
> may cause order of arrival to be violated.

That's what I had expected.

The latest patch I made to cookie handling makes sure that Lynx stores
cookies internally in the same order that it reads them from the
COOKIE_FILE. I don't think this would be leading Lynx towards broken
behavior, and if it helps Lynx be compatible with broken sites (while
still following spec) I don't think it's a problem.

> The other thing to consider with so many cookies is that there may be
> some danger of violating the minimum implementation limits, or of 
> unecessarily limiting the number of sites for which a minimum implementation
> can track cookies (i.e. at the full 20 cookies, one can only track 15 sites
> for a total of 300):
> 
>       * at least 300 cookies
> 
>       * at least 4096 bytes per cookie (as measured by the size of the
>         characters that comprise the cookie non-terminal in the syntax
>         description of the Set-Cookie header)
> 
>       * at least 20 cookies per unique host or domain name
> 
>    User agents created for specific purposes or for limited-capacity
>    devices should provide at least 20 cookies of 4096 bytes, to ensure
>    that the user can interact with a session-based origin server.

Presently cookies are hardcoded to a maximum of 50 in LYCookie.c. We
should probably change this to a user-settable amount prior to 2.8.1.

-- 
does your DRESSING ROOM have enough ASPARAGUS?
How can you work when the system's so crowded?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]