Re: lynx-dev strange cookie behavior

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev strange cookie behavior

From:	brian j. pardy
Subject:	Re: lynx-dev strange cookie behavior
Date:	Sun, 18 Oct 1998 18:25:28 -0700

Larry W. Virden wrote:
> I run lynx with persistent cookies and accept all.  On
> <URL:http://www.onelist.com/> the cookies are used to keep track of your
> account.  One that site I have two accounts, that I switch between.
> I can do this just fine using Netscape, but with lynx I am unable to get
> this to work.  I will attempt soon to capture a Lynx.trace of the
> situation - it's just I don't know how best to do this and ensure that
> my passwords are not compromised.
> 
> Has anyone else noticed a problem with a site that insists that you 'logout'
> of one account before using another.  Surely more than just me has multiple
> family members using a common browser.

It looks to me like the server is asking us to blank out the information
in the cookies that we have. 


GET http://www.onelist.com/logout.cgi HTTP/1.0
Host: www.onelist.com
[delete Accept: headers for legibility -bjp]
Negotiate: trans
User-Agent: Lynx/2.8.1pre.11 libwww-FM/2.14
Referer: http://www.onelist.com/
Cookie2: $Version="1"
Cookie: address@hidden; pid=pk.cuB6f964yk

----------------------------------
Sending HTTP request.
HTTP: WRITE delivered OK
HTTP request sent; waiting for response.
HTTP: Trying to read 1023
HTTP: Read 675
Read 675 bytes of data.
HTTP: Rx: HTTP/1.0 200 OK 
HTTP: Scanned 2 fields from line_buffer
--- Talking HTTP1.
HTTP/1.0 200 OK
HTFormat: Constructing stream stack for www/mime to www/present
HTFormat: Looking up presentation for www/mime to www/present
HTFormat: comparing image/* and www/mime for half match
HTFormat: comparing audio/* and www/mime for half match
StreamStack: found weak wildcard match: www/present
FindPresentation: found exact match: www/mime
StreamStack: found exact match: www/mime
HTMIME:  Date: Mon, 19 Oct 1998 01:02:17 GMT
Server: Apache/1.2.4
Set-Cookie: uid=; path=/
Set-Cookie: pid=; path=/
Content-Type: text/html
Age: 114
X-Cache: MISS from odin
Proxy-Connection: close

[delete html from the page -bjp]
HTMIME: Got 'D' at beginning of line, checking for 'ate:'
HTMIME: PICKED UP Date: 'Mon, 19 Oct 1998 01:02:17 GMT'
HTMIME: Got 'S' at beginning of line, state now S
HTMIME: Was S, found E, state now SE'
HTMIME: Was SE, found R, checking for 'ver'
HTMIME: PICKED UP Server: 'Apache/1.2.4'
HTMIME: Got 'S' at beginning of line, state now S
HTMIME: Was S, found E, state now SE'
HTMIME: Was SE, found T, checking for '-cookie'
HTMIME: Was SET_COOKIE, found :, processing
HTMIME: PICKED UP Set-Cookie: 'uid=; path=/'
HTMIME: Got 'S' at beginning of line, state now S
HTMIME: Was S, found E, state now SE'
HTMIME: Was SE, found T, checking for '-cookie'
HTMIME: Was SET_COOKIE, found :, processing
HTMIME: PICKED UP Set-Cookie: 'pid=; path=/'
HTMIME: Got 'C' at beginning of line, state now C
HTMIME: Was C, found O, state now CO'
HTMIME: Was CO, found N, state now CON
HTMIME: Was CON, found T, checking for 'ent-'
HTMIME: in case CONTENT_
HTMIME: Was CONTENT_, found T, state now CONTENT_T
HTMIME: in case CONTENT_T
HTMIME: Was CONTENT_T, found Y, checking for 'pe:'
HTMIME: PICKED UP Content-Type: 'text/html'
HTMIME: Got 'A' at beginning of line, state now A
HTMIME: Was A, found G, checking for 'e:'
HTMIME: PICKED UP Age: '114'
HTMIME: Got 'P' at beginning of line, state now P
HTMIME: Was P, found R, state now PR'
HTMIME: Was PR, found O, checking for 'xy-authenticate'
HTMIME: Bad character `C' found where `authenticate:' expected
HTMIME: MIME Content-Type is 'text/html', converting to 'www/present'
HTParse: aName:http://www.onelist.com/logout.cgi   relatedName:
HTParse: result:www.onelist.com
HTParse: aName:http://www.onelist.com/logout.cgi   relatedName:
1
HTParse: result:/logout.cgi
LYSetCookie called with host 'www.onelist.com', path '/',
    and Set-Cookie: 'uid=; path=/, pid=; path=/'
[nothing after this except HTML handling]

This comment is in LYCookie.c:

    /*
     *  If we have both Set-Cookie and Set-Cookie2 headers.
     *  process the Set-Cookie2 header.  Otherwise, process
     *  whichever of the two headers we do have.  Note that
     *  if more than one instance of a valued attribute for
     *  the same cookie is encountered, the value for the
     *  first instance is retained.  We only accept up to 50
     *  cookies from the header, and only if a cookie's values
     *  do not exceed the 4096 byte limit on overall size. - FM
     */

Which *sounds* to me like FM was saying we ignore attempts at updating an
existing cookie. Am I parsing this right?

I haven't looked any further into the code, but will now.

-- 
Beware of a dark-haired man with a loud tie.
"HELP MY MAN PAGES AARE! DYING WITH THE SIGNALT 11!" -morat

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev strange cookie behavior, Larry W. Virden, 1998/10/18
- Re: lynx-dev strange cookie behavior, brian j. pardy <=
- Re: lynx-dev strange cookie behavior, David Woolley, 1998/10/20

Prev by Date: Re: lynx-dev bug still remaining in latest development release of lynx
Next by Date: Re: lynx-dev bug still remaining in latest development release of lynx
Previous by thread: lynx-dev strange cookie behavior
Next by thread: Re: lynx-dev strange cookie behavior
Index(es):
- Date
- Thread