On or about 30 Nov, 2001, Mike Castle <[EMAIL PROTECTED]> wrote: > On Fri, Nov 30, 2001 at 02:33:15PM -0500, Larry W. Virden > wrote: > > Did you use https to log into https://mail.yahoo.com/ ? > > Because I just went to the above link, filled in my login and > > password, and the attempt failed. > > > > Then I did the same thing using netscape and it worked just > > fine... > > Ayup. > > However, I just paid attention to the subject: here. I'm > using: > > Lynx 2.8.5dev.3 > > Also using OpenSSL 0.9.6b, if that matters. > > Sure didn't accidently turn cookies off?
[...] "FORCE_SSL_COOKIES_SECURE:TRUE" keeps me from logging in via the https:// route. When you get routed from the https:// login to the http:// mail page, it doesn't know what to do with the secure cookie. I'm guessing, anyway. I'd always just left it set TRUE (more secure is better, right?), until I recently had the same problem with another site, and stumbled on why. Anyway, with dev2, and: FORCE_SSL_COOKIES_SECURE:FALSE ACCEPT_ALL_COOKIES:FALSE COOKIE_ACCEPT_DOMAINS:.mail.yahoo.com,mail.yahoo.com #COOKIE_REJECT_DOMAINS: COOKIE_LOOSE_INVALID_DOMAINS:mail.yahoo.com,.mail.yahoo.com,groups.yahoo.com #COOKIE_STRICT_INVALID_DOMAINS: #COOKIE_QUERY_INVALID_DOMAINS: PERSISTENT_COOKIES:TRUE #SET_COOKIES:TRUE [Note: SET_COOKIES is what is toggled by -cookies. When you used "lynx -cookies" (in another message), you just turned them off] #ACCEPT_ALL_COOKIES:FALSE PERSISTENT_COOKIES:TRUE I have no problem with yahoo's secure login. I just noticed a couple of those settings (ACCEPT & LOOSE_INVALID_DOMAINS) are redundant, but what the hey. I think I'll go compile the new version, now :) -- Michael Warner | Procrastinate now. <[EMAIL PROTECTED]> | ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
