[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev more cookie wackiness [revisited]
From: |
brian j pardy |
Subject: |
Re: lynx-dev more cookie wackiness [revisited] |
Date: |
Mon, 1 Mar 1999 21:45:59 -0800 |
[left unsnipped to refresh minds]
On Fri, Feb 19, 1999, I wrote:
> On Fri, Feb 19, 1999, address@hidden wrote:
> > On Fri, 19 Feb 1999, brian j pardy wrote:
> > >Hmm, I'd say not to worry about trying dev.17 then. I'd just try getting
> > >trace output, and I may be able to figure out from there if a fixed bug
> > >or something that needs to be looked into more.
> > >
> > >Is this a sudden change?
> >
> > Yes, that's why I tend to blame it on their end first, especially since I'm
> > trying to "sneak" in and they only officially support IE and Netscape.
>
> Well, I think this is what it is. No guarantees, but I'm pretty sure.
>
> Beginning at line 7586 of your tracefile:
>
> LYSetCookie called with host 'trading47.schwab.com', path '/trading/signon',
> and Set-Cookie: 'CustInfo=; domain=.schwab.com; path=/; secure,
> CookieTest=YES; domain=.schwab.com; path=/; secure, SessionInfo=; domain=.
> schwab.com; path=/; expires=Mon, 01-Jul-1996 01:00:00 GMT; secure'
> LYmktime: Parsing 'Mon, 01-Jul-1996 01:00:00 GMT'
> LYProcessSetCookie: attr=value pair: 'CookieTest=YES'
>
> Expires in 1996.
>
> In cookie storage code:
>
> /*
> * Don't bother to add the cookie if it's already expired.
> */
> if ((co->flags & COOKIE_FLAG_EXPIRES_SET) && co->expires <= now) {
> freeCookie(co);
> co = NULL;
>
> Netscape's cookie spec:
>
> expires=DATE
> The expires attribute specifies a date string that defines the
> valid life time of that cookie. Once the expiration date has
> been reached, the cookie will no longer be stored or given out.
>
> Server's broken.
>
> And if this works under Netscape and IE... <sigh>
I take this back. After skimming the tracelog I was sent, again, in
an attempt to get information to send to schwab's webmaster and quote
from spec to complain, I noticed a few things:
First, these are the headers that the schwab server is sending to
Lynx:
Server: Netscape-Enterprise/3.6^M
Date: Sat, 20 Feb 1999 01:19:40 GMT^M
Content-type: text/html^M
Expires: Thu, 18 Feb 1999 01:19:40 GMT^M
Set-cookie: CustInfo=; domain=.schwab.com; path=/; secure^M
Set-cookie: CookieTest=YES; domain=.schwab.com; path=/; secure^M
Set-cookie: SessionInfo=; domain=.schwab.com; path=/; expires=Mon, 01-Jul-1996
01:00:00 GMT; secure^M
Connection: close^M
^M
When Lynx sends these off to LYCookie.c to process, we see this in
the tracelog:
LYSetCookie called with host 'trading41.schwab.com', path '/trading',
and Set-Cookie: 'CustInfo=; domain=.schwab.com; path=/; secure,
CookieTest=YES; domain=.schwab.com; path=/; secure, SessionInfo=; domain=.
schwab.com; path=/; expires=Mon, 01-Jul-1996 01:00:00 GMT; secure'
LYmktime: Parsing 'Mon, 01-Jul-1996 01:00:00 GMT'
LYProcessSetCookie: attr=value pair: 'CookieTest=YES'
Lynx is then discarding *ALL* of these cookies, because of that final
expires= line, as far as I can tell. The multiple Set-cookie: headers
are being concatenated into a single string in HTTP.c:
HTTP.c::1153:
if (TOUPPER(*cp) != 'S') {
cp++;
} else if (!strncasecomp(cp, "Set-Cookie:", 11)) {
char *cp1 = NULL, *cp2 = NULL;
cp += 11;
It then goes on to make them all one big string if I'm understanding
this right. It then apparently discards all of these cookies due to
the expires= attribute point 2.5 years in the past.
It *looks* to me like the expires= that is being sent should only be
affecting the SessionInfo= cookie.
Anyone know why it affects all of them, or if this was intentional?
I can't see anything in Netscape's cookie spec describing this either
way, but I may have missed something.
--
Life is a POPULARITY CONTEST! I'm REFRESHINGLY CANDID!!
- Re: lynx-dev more cookie wackiness [revisited],
brian j pardy <=