[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV bad query (egghead website)

From: Foteos Macrides
Subject: Re: LYNX-DEV bad query (egghead website)
Date: Thu, 26 Jun 1997 18:04:44 -0500 (EST)

Laura Eaves <address@hidden> wrote:
>> Date: Thu, 26 Jun 1997 08:25:15 -0400 (EDT)
>> From: Wayne Buttles <address@hidden>
>> > I have cookies enabled, but the server never offers me a cookie.
>> > Were you offered a cookie?
>> > Where were you offered the cookie?
>> I was offered the cookie while sitting ont the home page, BUT I bet it
>> came from one of the frames we didn't select.  Receintly I have been
>> seeing multiple cookies from single pages on the web.  Each dam icon wants
>> its own cookie.
>Excuse a potentially dumb question, but why were you offered the cookie
>and I wasn't?
>I tried selecting 2 of the frames and ran into the same problems both times,
>and I never got any cookies.
>Thanks in advance.

        My suggestion is that you become more proficient in using the
TRACE features, which have been enhanced recently for better access by
blind or sight-restricted users.  Toggle it ON before accessing a site
which gives you problems, or in preparation for a RELOAD (^R), making
sure you have the tlog function ON ;( which, unfortunately, was changed
to an OFF default in the development code ); so that the trace messages
do not go whizzing by on your screen/interface.  Then toggle it off,
use the TRACE_LOG command (';') and do a WHEREIS search for "cookie".

        If you had done that, you would have been positioned on the
TRACE messages that contain the target "cookie", and could have
determined that indeed a Set-Cookie header was sent for the top FRAME,
but it has an expires header with "01-01-2022" as its value, instead
of in the format of the cookie specs.  If the LYmktime() function in
LYUtils.c fails to convert the string to max-age format, it uses a
value of 0 (expired cookie).  So, if you had used the COOKIE_JAR
command (^K), you would have seen that you do have an entry for
egghead, but no non-expired cookies.  Lynx only prompts you about
accepting cookies which will be active for the session, and only
if you haven't set acceptence of cookies from the site as the

        I posted an update notice this morning about having modified
LYmktime() so that it handles that date format, and if you update,
you will get an active cookie for that FRAME.  It won't help you buy
anything, however.  The site is set up to send the entry cookie and
shopping cart cookies via http, on port 80, but you make the actual
purchases via https (SSL), on port 443.  Lynx respects the cookie
RFC's blanket port restriction (don't share cookies among servers
on different ports, even if they qualify for sharing based on the
domain field).  So, you don't get your entry cookie or shopping list
sent with the purchase request...

        I had coded Lynx redundantly to block cookie sharing based
on either a port restriction or on a secure restricion, so that
they eventually could be made independent, and both configureable,
and raised this problem in the HTTP-WG.  The spec is going to be
changed so that is also supports a port attribute.  So the server
can send either a "secure" or "port" field (or both) with the
cookie, to regulate those restrictions independently, and the
user similarly could configure them each ON or OFF by default,
and modify them via the Cookie Jar Page.  But that's all in the


 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]