lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev meaning of -cookies (was: Cookies and command line operation)


From: Klaus Weide
Subject: lynx-dev meaning of -cookies (was: Cookies and command line operation)
Date: Wed, 3 Nov 1999 14:37:52 -0600 (CST)

On Wed, 3 Nov 1999, Leonid Pauzner wrote:
> 30-Oct-99 11:50 Klaus Weide wrote:
> > Actually there isn't currently really one "cookies are ON/OFF"
> > setting.  There is SET_COOKIES which controls receiving (accepting)
> > of cookies in general, it doesn't affect the sending side of cookie
> > precoessing directly (you may still be sending cookies if SET_COOKIES:
> > FALSE but PERSISTENT_COOKIES:TRUE, see comments to SET_COOKIE in recent
> > lynx.cfg).  Inconsistently, -cookies is the command line option that
> > corresponds to SET_COOKIE, but -cookies=off still doesn't turn all
> > cookie processing off, only the receiving-of-Set-Cookie side.
> 
> > (I'd appreciate if someone would check whether that's actually all
> > true and not just my understanding...)
> 
> Hmm, interesting, I haven't thought on that.
> 
> There is a hole: HTTP.c uses LYSetCookies (aka -cookies flag or SET_COOKIES
> from lynx.cfg) value while processing the received cookie from the remote
> server; it is NOT checked while sending http request [see LYCookie() calls
> near the top of HTTP.c].

You call it a hole and seem to just have discovered it.  I have tried
to document it.  Did you not read the text for SET_COOKIE in lynx.cfg?

# If SET_COOKIES is set FALSE, Lynx will ignore Set-Cookie headers
# in http server replies.  Note that if a COOKIE_FILE is in use (see
# below) that contains cookies at startup, Lynx will still send those
# persistent cookies in requests as appropriate.  Setting SET_COOKIES
# to FALSE just prevents accepting any new cookies from servers.  To
# prevent all cookie processing (sending *and* receiving) in a session,
# make sure that PERSISTENT_COOKIES is not TRUE or that COOKIE_FILE does
# not point to a file with cookies, in addition to setting SET_COOKIES
# to FALSE.

If you assumed that -cookies turns cookie processing completely on or
off - that's understandable, goven the name, but I don't think Lynx
documentation says this anywhere.  For example, according to man page
and -help,

       -cookies
              toggles handling of Set-Cookie headers.

"Set-Cookie:" is incoming.  Outgoing is "Cookie:", the description doesn't
say anything about that.

Note, I am not responsible for the behavior, I probably wouldn't have
done it this way; I have merely tried to document what is actually the
case.

By the way, don't look only at HTTP.c, also look at HTMIME.c to see
what happens to incoming Set-Cookie headers.

> There was no problem before when LYSetCookies were set once per lynx session
> so cookies jar was always empty when the receiving of cookies were blocked.

Is there a problem now?  And what exactly is the problem?

> Now, with modern persistent cookies, reloading lynx.cfg and
> switching on/off cookies from the options menu
> it is not consitent any more [we *send* cookie headers
> in more situations than we probably want]. This may affect privacy
> and caches somehow. The topic is: SET_COOKIES and PERSISTENT_COOKIES
> are not mutually exclusive, there is an overload which is not intuitive.
> >From the other hand, PERSISTENT_COOKIES flag is not available from
> the options menu nor command line option.
> 
> That is discussible (if there is an auditorium:) -
> many combinations possible:
> 1) add LYSetCookies check on the sending part of HTTP.c

This would change the meaning of -cookies and SET_COOKIES from
what is documented now.

> 2) add a new flag to allow writing of persistent cookies to a file

This is closer to the original topic of the tread, but now we seem
to be talking about the meaning of -cookies / SET_COOKIES, nothing
specific to persistent cookies.

> 3) ...
> 4) ...

???

   Klaus


reply via email to

[Prev in Thread] Current Thread [Next in Thread]