lynx-dev

Re: lynx-dev Accepting invalid cookies - was: cookie bug (not in lynx)


From: Klaus Weide
Subject: Re: lynx-dev Accepting invalid cookies - was: cookie bug (not in lynx)
Date: Tue, 29 Dec 1998 11:19:56 -0600 (CST)

On Tue, 29 Dec 1998, Risto Widenius wrote:

> Agreed. As the person who proposed the patch under discussion, I wish
> to defend myself by reminding that by that time, LYAcceptAllCookies
> was already used to allow invalid cookies. I just expanded the
> behaviour, um, slightly.

I understand that, I just think that aspect of LYAcceptAllCookies should
be moved to a separate flag (or other way to control it).

> I can live without it being part of the Lynx distribution, but I
> believe keeping such an option would help many other people to cope
> with sites that don't follow the specs. Wasn't it a part of the
> philosophy -- to deal with the real world?

I think we have no problem with that - it's just that the changes were
too permissive.  (After all, the people complaining when browsers allow
too much cookie sharing are also part of the real world.)

We should examine the initial checks in store_cookie one by one, and
determine if and how they should be skipped if "less checking" is
requested (in a not-yet-determined way).

We have a choice between 1. Don't Bypass Check (Reject), 2. Bypass
(Allow), 3. Prompt.  Also, if "less checking" is _not_ requested, we can
1. Reject Cookie, or 4.  Reject Or Prompt.  (Or we could think of
some other choices.)

This seems to be the current behavior (2-8-2dev, for version 0 cookies):

             LYAcceptAllCookies==FALSE LYAcceptAllCookies==TRUE
4.3.2 cond.1        1.                     2.      # path match
  ?                 1.                     2.      # at least 1 dot
4.3.2 cond.2        1.                     2.      # domain not top-level
4.3.2 cond.3        1.                     2.      # domain match?
4.3.2 cond.4        4.                     2.      # too many dots in host


Many sites may try to follow the specs, but only the original Netscape
"Preliminary Specification".  Some cookies are invalid according to
the spec which lynx implements, but not according to the Netscape spec.
Allowing just those when "less checking" is requested may be what is
needed.

    Klaus
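
The per-check matrix from the message above, written as a data table with a small evaluator. This is an added example, not Lynx's store_cookie code and not part of the original message. The check semantics are an assumed reading of the row labels, hosts are assumed to be names rather than IP addresses, and `evaluate`, `cookie_req` and the other identifiers are hypothetical.

```c
#include <stdbool.h>
#include <string.h>
#include <strings.h>

/* Values 1-4 follow the numbering of the choices in the message. */
enum action { ACCEPT, REJECT, BYPASS, PROMPT, REJECT_OR_PROMPT };
enum { CHK_PATH, CHK_ONE_DOT, CHK_NOT_TOPLEVEL, CHK_DOMAIN_MATCH, CHK_HOST_DOTS, N_CHECKS };
struct cookie_req { const char *host, *req_path, *domain, *path; };

/* Rows transcribed from the message's table; columns: LYAcceptAllCookies FALSE, TRUE. */
static const enum action current_policy[N_CHECKS][2] = {
    [CHK_PATH]         = { REJECT,           BYPASS },
    [CHK_ONE_DOT]      = { REJECT,           BYPASS },
    [CHK_NOT_TOPLEVEL] = { REJECT,           BYPASS },
    [CHK_DOMAIN_MATCH] = { REJECT,           BYPASS },
    [CHK_HOST_DOTS]    = { REJECT_OR_PROMPT, BYPASS },
};

/* Assumed semantics: host equals domain, or domain starts with '.' and is a suffix of host. */
static bool domain_match(const char *host, const char *domain) {
    size_t h = strlen(host), d = strlen(domain);
    return d <= h && strcasecmp(host + (h - d), domain) == 0 && (d == h || domain[0] == '.');
}

static bool check_passes(int chk, const struct cookie_req *r) {
    const char *dot = r->domain[0] == '.' ? strchr(r->domain + 1, '.') : NULL;
    switch (chk) {
    case CHK_PATH:         return strncmp(r->req_path, r->path, strlen(r->path)) == 0;
    case CHK_ONE_DOT:      return strchr(r->domain, '.') != NULL;
    case CHK_NOT_TOPLEVEL: return dot != NULL && dot[1] != '\0'; /* leading + embedded dot */
    case CHK_DOMAIN_MATCH: return domain_match(r->host, r->domain);
    case CHK_HOST_DOTS:    /* host = H + domain: fails when H itself contains a dot */
        return !domain_match(r->host, r->domain) ||
               memchr(r->host, '.', strlen(r->host) - strlen(r->domain)) == NULL;
    }
    return false;
}

/* Action for the first failed check that the policy does not bypass, else ACCEPT. */
enum action evaluate(const enum action policy[][2], bool less_checking, const struct cookie_req *r) {
    for (int chk = 0; chk < N_CHECKS; chk++)
        if (!check_passes(chk, r) && policy[chk][less_checking] != BYPASS)
            return policy[chk][less_checking];
    return ACCEPT;
}

int main(void) { /* constructed sample; exit 0 means the TRUE column accepts a ".com" cookie */
    struct cookie_req r = { "www.example.com", "/", ".com", "/" };
    return evaluate(current_policy, true, &r) == ACCEPT ? 0 : 1;
}
```

Because every cell in the TRUE column is a bypass, the constructed cookie scoped to `.com` is accepted in that mode; deciding each check separately amounts to changing individual cells of the table.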
