List Info

Thread: Re: Silently rejecting '.domain.tld' cookies from http://domain.tld




Re: Silently rejecting '.domain.tld' cookies from http://domain.tld
country flaguser name
United Kingdom		 2008-04-26 18:07:42 
Doug Kaufman wrote:
> Please check your lynx.cfg file. It sounds as if you
have
> "COOKIE_STRICT_INVALID_DOMAINS" set. You
probably want
> "COOKIE_LOOSE_INVALID_DOMAINS" or
"COOKIE_QUERY_INVALID_DOMAINS".

They are all commented out in lynx.cfg (and the
corresponding lower
case names are set to empty strings in .lynxrc), so it
should apply
the default (ask user).

If I add .launchpad.net to COOKIE_LOOSE_INVALID_DOMAINS,
the
cookie is still rejected, the only difference in the trace
is the
value reported for invcheck_bv:

Loading cfg file '/etc/lynx.cfg'.
opening config file /etc/lynx.cfg
lynx_chg_color(color=6, fg=9, bg=0)
lynx_map_color(6)
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 326:
find_domain_entry(.launchpad.net) bv:-1, invcheck_bv:-1
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 2649:
cookie_domain_flag_set (.launchpad.net, bv=2,
invcheck_bv=2)

...

/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1782: LYSetCookie called
with host 'launchpad.net', path '/',
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1784:     and
Set-Cookie:
'lp=OxeeFGB6-UYGJDWligbykDrM7HsM9jbUVW2xCCeZY59-xDJEGCL4Cc;
Domain=.launchpad.net; expires=SuLYmktime: Parsing 'Sun, 26
Apr 2009 22:25:16 GMT'
LYmktime: clock=1240784716, ctime=Sun Apr 26 23:25:16 2009
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1077: LYSetCookie:
expires 1240784716, Sun Apr 26 23:25:16 2009
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1714:
LYProcessSetCookie: attr=value pair:
'lp=OxeeFGB6-UYGJDWligbykDrM7HsM9jbUVW2xCCeZY59-xDJEGCL4Cc'
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1718:                   
 expires: 1240784716, Sun Apr 26 23:25:16 2009

/tmp/lynx2-8-7-dev8/src/LYCookie.c: 315:
...test_domain_entry(.launchpad.net) bv:2, invcheck_bv:2
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 326:
find_domain_entry(.launchpad.net) bv:2, invcheck_bv:2
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 442: store_cookie:
Rejecting domain '.launchpad.net' for host 'launchpad.net'.

Same result if I use COOKIE_QUERY_INVALID_DOMAINS, with the
difference
that the trace shows invcheck_bv:0 instead of
invcheck_bv:2.

Looking at the source code, store_cookie doesn't look at the
value of
invcheck_bv in this case ("Section 4.3.2, condition
3"), so the values
of COOKIE_*_INVALID_DOMAINS will have no effect on the
result.

I copied the code checking the value of invcheck_bv to the
bit of
store_cookie which rejects this cookie, and now I do get
asked
"Accept invalid cookie domain=.launchpad.net for
'launchpad.net'? (n)"
-- however, the cookie is stored but not used (it appears in
the
cookie jar, but it is not sent with the HTTP request). So
this does
not help either.

C



_______________________________________________
Lynx-dev mailing list
Lynx-devnongnu.org
htt
p://lists.nongnu.org/mailman/listinfo/lynx-dev
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )