lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev meaning of -cookies (was: Cookies and command line opera


From: Leonid Pauzner
Subject: Re: lynx-dev meaning of -cookies (was: Cookies and command line operation)
Date: Thu, 4 Nov 1999 01:36:19 +0300 (MSK)

3-Nov-99 14:37 Klaus Weide wrote:
> On Wed, 3 Nov 1999, Leonid Pauzner wrote:

>> There is a hole: HTTP.c uses LYSetCookies (aka -cookies flag or SET_COOKIES
>> from lynx.cfg) value while processing the received cookie from the remote
>> server; it is NOT checked while sending http request [see LYCookie() calls
>> near the top of HTTP.c].

> You call it a hole and seem to just have discovered it.  I have tried
> to document it.  Did you not read the text for SET_COOKIE in lynx.cfg?

Yes, it is documented explicitely. And yes, I have not looked into that deeply
before this thread.

> If you assumed that -cookies turns cookie processing completely on or
> off - that's understandable, goven the name, but I don't think Lynx
> documentation says this anywhere.  For example, according to man page
> and -help,

>        -cookies
>               toggles handling of Set-Cookie headers.

> "Set-Cookie:" is incoming.  Outgoing is "Cookie:", the description doesn't
> say anything about that.

> Note, I am not responsible for the behavior, I probably wouldn't have
> done it this way; I have merely tried to document what is actually the
> case.

> By the way, don't look only at HTTP.c, also look at HTMIME.c to see
> what happens to incoming Set-Cookie headers.
Sorry, the actual work done in HTMIME.c, and I saw a "redirection" case.
Well, there are two external calls only: LYCookie() and LYSetCookie().

>> There was no problem before when LYSetCookies were set once per lynx session
>> so cookies jar was always empty when the receiving of cookies were blocked.

> Is there a problem now?  And what exactly is the problem?
Form options menu say "Cookies..." one should read "Accept Cookies",
we should check other wording around also.

PERSISTENT_COOKIES as it is implemented now
seems doind a wrong (but documented) job for SET_COOKIES:FALSE,
I have a feeling that it was not intended by the original author (RP).
Probably I am very wrong.

>> Now, with modern persistent cookies, reloading lynx.cfg and
>> switching on/off cookies from the options menu
>> it is not consitent any more [we *send* cookie headers
>> in more situations than we probably want]. This may affect privacy
>> and caches somehow. The topic is: SET_COOKIES and PERSISTENT_COOKIES
>> are not mutually exclusive, there is an overload which is not intuitive.
>> >From the other hand, PERSISTENT_COOKIES flag is not available from
>> the options menu nor command line option.
>>
>> That is discussible (if there is an auditorium:) -
>> many combinations possible:
>> 1) add LYSetCookies check on the sending part of HTTP.c

> This would change the meaning of -cookies and SET_COOKIES from
> what is documented now.

>> 2) add a new flag to allow writing of persistent cookies to a file

> This is closer to the original topic of the tread, but now we seem
> to be talking about the meaning of -cookies / SET_COOKIES, nothing
> specific to persistent cookies.

>> 3) ...
>> 4) ...

> ???

>    Klaus





reply via email to

[Prev in Thread] Current Thread [Next in Thread]