[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Version 0 cookie suggestion & minimal patch
From: |
brian j. pardy |
Subject: |
Re: lynx-dev Version 0 cookie suggestion & minimal patch |
Date: |
Tue, 27 Oct 1998 21:35:03 -0800 |
Risto Widenius wrote:
[big snip]
> Would it be considered a security problem to relax the cookie sanity
> checking for version 0 (old) cookies _only when_ the user has
> accept_all_cookies set? As it is, Lynx already does accept cookies
> with invalid Domain attribute when accept_all_cookies is set.
>
> I suggest the following change to LYCookie.c (for brevity's sake the
> patch doesn't fix indentation in the relevant passage of code). The
> patch is against lynx2.8.1pre11. I believe this would solve some of
> the recurrent cookie problems that have been unsolved in the past.
I haven't noticed any sites I've had the problem with, but I agree with
your thoughts here...
--
Old soldiers never die. Young ones do.