[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev persistent cookies (was: Post-query bug)
From: |
brian j. pardy |
Subject: |
Re: lynx-dev persistent cookies (was: Post-query bug) |
Date: |
Tue, 8 Dec 1998 09:39:26 -0800 (PST) |
On Tue, 8 Dec 1998, Klaus Weide wrote:
> I haven't tried the new code, but it looks ok to me as far as I have looked.
>
> I think it would be less confusing if store_cookies did not call
> HTConFirmCookies at all for de->bv == FROM_FILE, since no confirmation
> is ever involved - it will always return TRUE.
>
> Or, which would be much better, HTConfirmCookies should not return TRUE
> automatically for all FROM_FILE cookies! I think this needs to be
> resolved:
> /*
> * Ok, this is a problem. The first cookie for a domain
> * effectively sets the policy for that whole domain - for
> * something like Netlink, where there are lots of websites
> * under www.netlink.co.uk, this isn't sensible. However,
> * taking this sort of decision down to cookie level also
> * isn't sensible. Perhaps something based on the domain
> * and the path in conjunction makes more sense? - RP
> */
> It is not obvious to me why taking this to the cookie level is not
> sensible.
>
> Currently Lynx is misleading the user if (s)he uses persistent cookies but
> still wants control over accepting cookies. The Cookie Jar page says
> (Persistent Cookies.) for any domain with a cookie read from the persistent
> file and gives no indication that this actually means (All new cookies
> automatically accepted and you will never be prompted.)! The documentation
> also doesn't tell this part of the story. According to the text in the
> Users Guide, Set-Cookie MIME headers should still invoke confirmation
> prompts.
This could be a simple fix.
Is the display of "(Persistent Cookies.)" really necessary for cookies read
from the cookie file? Perhaps FROM_FILE can be done away with entirely,
by setting de->bv to QUERY_USER when loading a cookie from the cookie list
(unless it has already been set to ALWAYS_ALLOW or REJECT from .lynxrc),
and add cookies to the cookie list within LYLoadCookies without using
store_cookie. This will take care of automatically accepting cookies from
domains that have cookies stored, which would otherwise happen if
HTConfirmCookie was not called for FROM_FILE domains.
I should really be doing my Real Job right now, so no patch yet.
Thoughts?
--
GPG & PGP public keys: <URL:http://www.psnw.com/~posterkid/keys/>
PGP fingerprint: 42 57 B3 D2 39 8E 74 C3 5E 4D AC 43 25 D2 26 D4