[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Cookie won't stick?

From: Klaus Weide
Subject: Re: lynx-dev Cookie won't stick?
Date: Thu, 17 Feb 2000 16:42:34 -0600 (CST)

On Fri, 4 Feb 2000, Roy Rodenstein wrote:

> Hi :) Love lynx! Now here's the issue I'm having. I've been using
> cookies with great success, including permanent cookies (although it
> seems I have temporarily over-grant cookie access until I acquire the
> cookie, then I can re-limit it. Or sometimes using doesn't
> work, I need to put in the whole machine name, but maybe I don't
> understand how that is supposed to work?).

The you put in one of the lynx.cfg COOKIE_* list options
should exactly match (except for case) the domain= value that is usually
transmitted with the cookie from the server.  Except that if the transmitted
cookie= value does not start with a '.', it should still have one in the
lynx.cfg option.  If the cookie comes without an explicit domain=, then
what you put in lynx.cfg should match the hostname from the URL (for which
the cookie was received), *without* a leading dot.  This is from memory...
In all those cases, the domain to put in lynx.cfg is the same that appears
in the Cookie Jar (^K) page after the cookie has been accepted.  (Yes, there
is a catch-22 here...)

> However, there's one site which I can't get to work. They don't tell you
> the browser requirements but as long as, in Netscape, I have it set to
> "accept all cookies" then the site works fine (i.e. it doesn't use
> JavaScript or anything else, as far as I can tell it _just_ uses
> cookies). But in lynx, after I enter my username/password to log in,
> then when I go to any other page it asks me to log in again. Then it
> accepts my username/passsword just fine, again, but still if I try going
> to another page it asks me to log in again. This always happens.
> I've tried -accept_all_cookies, put the domain and variations on it in
> the cookie ACCEPT domains, put it in the sloppy
> cookie-validity-checking, etc. to no avail. (I also use -user_agent with
> netscape just in case, but they don't seem to check that). Any ideas?
> Could it be that the cookie they try to set is _so_ invalid that lynx
> doesn't even consider it?? 

Yes, that is possible.  Most likely, the cookie gets sent from the server
with a domain= value that completely mismatches the server's hostname
(according to the cookie draft that Lynx implements).  Those cookies would
be dropped under all circumstances.  That's intentional, without such
restrictions any old server would be allowed to interfere with any other
server's sessions.

> No matter what settings I use, lynx never
> asks me if I want to set a cookie when I log in, whereas under Netscape
> if I set it to 'ask before setting cookie' it does tell me they try to
> set a cookie when I log in. 

With Netscape, you may have to check "only accept cookies originating from
the same server" to get checking similar to what Lynx does (I haven't
tested it).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]