[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev meaning of -cookies (was: Cookies and command line opera
Re: lynx-dev meaning of -cookies (was: Cookies and command line operation)
Thu, 4 Nov 1999 01:36:19 +0300 (MSK)
3-Nov-99 14:37 Klaus Weide wrote:
> On Wed, 3 Nov 1999, Leonid Pauzner wrote:
>> There is a hole: HTTP.c uses LYSetCookies (aka -cookies flag or SET_COOKIES
>> from lynx.cfg) value while processing the received cookie from the remote
>> server; it is NOT checked while sending http request [see LYCookie() calls
>> near the top of HTTP.c].
> You call it a hole and seem to just have discovered it. I have tried
> to document it. Did you not read the text for SET_COOKIE in lynx.cfg?
Yes, it is documented explicitely. And yes, I have not looked into that deeply
before this thread.
> If you assumed that -cookies turns cookie processing completely on or
> off - that's understandable, goven the name, but I don't think Lynx
> documentation says this anywhere. For example, according to man page
> and -help,
> toggles handling of Set-Cookie headers.
> "Set-Cookie:" is incoming. Outgoing is "Cookie:", the description doesn't
> say anything about that.
> Note, I am not responsible for the behavior, I probably wouldn't have
> done it this way; I have merely tried to document what is actually the
> By the way, don't look only at HTTP.c, also look at HTMIME.c to see
> what happens to incoming Set-Cookie headers.
Sorry, the actual work done in HTMIME.c, and I saw a "redirection" case.
Well, there are two external calls only: LYCookie() and LYSetCookie().
>> There was no problem before when LYSetCookies were set once per lynx session
>> so cookies jar was always empty when the receiving of cookies were blocked.
> Is there a problem now? And what exactly is the problem?
Form options menu say "Cookies..." one should read "Accept Cookies",
we should check other wording around also.
PERSISTENT_COOKIES as it is implemented now
seems doind a wrong (but documented) job for SET_COOKIES:FALSE,
I have a feeling that it was not intended by the original author (RP).
Probably I am very wrong.
>> Now, with modern persistent cookies, reloading lynx.cfg and
>> switching on/off cookies from the options menu
>> it is not consitent any more [we *send* cookie headers
>> in more situations than we probably want]. This may affect privacy
>> and caches somehow. The topic is: SET_COOKIES and PERSISTENT_COOKIES
>> are not mutually exclusive, there is an overload which is not intuitive.
>> >From the other hand, PERSISTENT_COOKIES flag is not available from
>> the options menu nor command line option.
>> That is discussible (if there is an auditorium:) -
>> many combinations possible:
>> 1) add LYSetCookies check on the sending part of HTTP.c
> This would change the meaning of -cookies and SET_COOKIES from
> what is documented now.
>> 2) add a new flag to allow writing of persistent cookies to a file
> This is closer to the original topic of the tread, but now we seem
> to be talking about the meaning of -cookies / SET_COOKIES, nothing
> specific to persistent cookies.
>> 3) ...
>> 4) ...