lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Lynx overly zealous about rejecting "invalid" Cookies


From: Concealed Sender
Subject: lynx-dev Lynx overly zealous about rejecting "invalid" Cookies
Date: Tue, 25 May 1999 13:27:39 -0700 (PDT)

User complaint: gnatsweb 2.3 + CGI.pm 2.51 + Apache 1.3.6 "works
fine with Netscape and IE; doesn't retain login information in
lynx."


Observed behavior:

Lynx 2.8.1rel.2: silently discards Cookie; trace log records:
store_cookie: Rejecting because '/cgi-bin/' is not a prefix of '/cgi-bin'.

Lynx 2.8.2pre.7: prompts user:
Accept invalid cookie path=/cgi-bin/ as a prefix of '/cgi-bin'? (y/n) 


Additional Information: gnatsweb is a Perl script that calls upon
CGI.pm for its Cookie management.
<URL:http://stein.cshl.org/WWW/software/CGI/>

A user issues a request for
http://www.domain.com/cgi-bin/gnatsweb.pl,
which returns a Cookie that looks like:

Set-Cookie: gnatsweb=password&yyy&database&zzz&user&xxx; domain=www.domain.com; 
path=/cgi-bin/; expires=Wed, 24-May-2000 20:00:00 GMT


I say store_cookie() should not be so picky about this "edge
condition."  (Invoking the General Robustness Principle, and
offering the customary contempt for anyone who mistakes the
contents of an Internet Draft for practical advice.)


Interim workaround for Lynx 2.8.1rel.2:

*** lynx2-8-1/src/LYCookie.c.orig       Sat Oct 24 09:49:07 1998
--- lynx2-8-1/src/LYCookie.c
***************
*** 284,290 ****
       *        Section 4.3.2, condition 1: The value for the Path attribute is
       *        not a prefix of the request-URI.
       */
!     if (strncmp(co->path, path, co->pathlen) != 0) {
        CTRACE(tfp, "store_cookie: Rejecting because '%s' is not a prefix of 
'%s'.\n",
                    co->path, path);
        freeCookie(co);
--- 284,292 ----
       *        Section 4.3.2, condition 1: The value for the Path attribute is
       *        not a prefix of the request-URI.
       */
!     if (co->pathlen>0&&strncmp(co->path, path, co->pathlen) != 0&&
!       (strlen(path)!=co->pathlen-1||co->path[co->pathlen-1]!='/'||
!       strncmp(co->path, path, co->pathlen-1))) {
        CTRACE(tfp, "store_cookie: Rejecting because '%s' is not a prefix of 
'%s'.\n",
                    co->path, path);
        freeCookie(co);
-- 
Do not reply to sender's address.  Spam will not be tolerated.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]