[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Lynx overly zealous about rejecting "invalid" Cookies
|
From: |
David Woolley |
|
Subject: |
Re: lynx-dev Lynx overly zealous about rejecting "invalid" Cookies |
|
Date: |
Wed, 26 May 1999 08:25:17 +0100 (BST) |
> From: address@hidden (Concealed Sender)
Please use your real name in email headers if you want to be
taken seriously.
> User complaint: gnatsweb 2.3 + CGI.pm 2.51 + Apache 1.3.6 "works
> fine with Netscape and IE; doesn't retain login information in
> lynx."
This can be said of most HTML and HTTP protocol violations. Simply
ignoring them leads to a situation where the protocol specification is
worthless and you must empirically test every possibility against the
big two browsers to establish the true specification - if people can
violate the protocol they will as most people just cut and paste broken
examples.
> Lynx 2.8.1rel.2: silently discards Cookie; trace log records:
> store_cookie: Rejecting because '/cgi-bin/' is not a prefix of '/cgi-bin'.
>
> Lynx 2.8.2pre.7: prompts user:
> Accept invalid cookie path=/cgi-bin/ as a prefix of '/cgi-bin'? (y/n)
That seems to meet the permissive in what you accept requirement. The
very most I'd be prepared to tolerate is a warning being displayed on
the status line for this case.
Finally, you might suggest that your users read http://www.junkbusters.com/
> Do not reply to sender's address. Spam will not be tolerated.
Any reply address you put in the correct location for the protocol risks
being used for replies, even if this triggers alarms or causes nuisance
DNS lookups on the root servers; I don't feel obliged to screen every
message for alternative reply instructions.