Re: [Lynx-dev] Tr: Re: [infrastructure] [Cookie problem ?] Can't log in to drupal.org

Mon, 06 Jun 2011 16:48:59 -0700 

On Mon, 6 Jun 2011, Shérab wrote:


Hello again Thomas and all,

I am forwarding two answers I got from the infrastructure mailing list
in charge of Drupal.org.
According to these answers, the problem might have more to do with
domain than with path attribute of cookies...

But anyway it's good to know there will ultimately be a solution...

Sherab.

----- Forwarded message from Damien Tournoud <dam...@tournoud.net> -----

From: Damien Tournoud <dam...@tournoud.net>
Subject: Re: [infrastructure] [Cookie problem ?] Can't log in to drupal.org
Date: Sun, 5 Jun 2011 17:11:16 +0200
To: "Drupal.org Infrastructure Maintainers" <infrastruct...@drupal.org>,
        Shérab <sebastien.hinde...@ens-lyon.org>

  Hi everyone,

  This is a well-known issue in Lynx. Lynx is known to implement the
  original Cookie RFC (RFC 2109) correctly; it is probably also the only
  browser that does.


It would be nice to have some pointer to the source of "well-known", etc.,
since google isn't being helpful, either.


  According to RFC 2109, the domain part of Set-Cookie *MUST* begin with
  a dot, and "[1]example.com" is not a "domain-match" for
  ".[2]example.com". As a consequence, cookies set for ".[3]drupal.org"
  do not apply to "[4]drupal.org". This (arguably silly) requirement has
  never been implemented by mainstream browsers and is now officially
  reverted by the newer RFC 6265.
on the other hand, no one had reported this detail as a bug report on lynx... 


  (More precisely, RFC 6265 mandates that browsers should ignore a
  leading "." in the Domain attribute if sent by the server. See section
  5.2.3. This is an extension of the behavior currently implemented in
  most browsers, and makes it impossible to have cookies that apply to
  [5]example.com, but not [6]x.example.com.)


RFC 6265 was published in April 2011, obsoleting
RFC 2965, which was published in October 2000, in turn obsoleting
RFC 2109, which was published in February 1997.

I was aware of 2965 of course, but don't recall anything in _that_
which affected the domain-matching rules.  I'll read the latest iteration.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
_______________________________________________
Lynx-dev mailing list
Lynx-dev@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lynx-dev

Reply via email to