[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
lynx-dev Invalid cookies
From: |
ptr |
Subject: |
lynx-dev Invalid cookies |
Date: |
Fri, 8 Nov 2002 04:51:40 -0800 |
on Thu, 7 Nov 2002 00:05:13 -0500 "Philip Webb" <address@hidden>
>since LP has been amusing himself cleaning up Lynx code,
>here's another bug which has long been waiting to be squished:
It is an irritant, but there is a workaround:
Short answer: use COOKIE_STRICT_INVALID_DOMAINS instead of LOOSE,
if you want to reject the cookie. Read on for the ugly details.
>
>020315 Walter Ian Kaye wrote:
>> What makes a cookie invalid? How can this be fixed/prevented?
>> (And what difference does it make if it's "invalid" anyway?)
The two reasons that I see old lynx (sigh) give are invalid
path and invalid domain.
There's a listing for a bug fixed in 2.8.4dev.21 that is causing
a "invalid cookie path" message.
The "invalid cookie domain" message is not a bug, as far as I've seen.
www.one.two.ogv is not allowed to set a cookie with .two.ogv as
its domain. From RFC2965's list of reasons to reject:
* The request-host is a HDN (not IP address) and has the form HD,
where D is the value of the Domain attribute, and H is a string
that contains one or more dots.
>PW again: that's not the issue: if you say you NEVER want a cookie,
>you shouldn't be asked again by Lynx if you want to accept an invalid one.
Can't argue with that.
I'm running 2.8.3, so I will continue to be irritated, regardless.
Peter G.
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden