For your amusement, here�s my conversation with 800.com�s tech
support.
Olli
------- Forwarded message follows -------
From: Glen Grays <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Unknow user
Date sent: Wed, 8 Sep 1999 18:00:08 -0700
Hello,
All user need to log on the system if they are going to order something... (
has been tested in Netscape/IE 4.0/5.0)
But anyone can browse the site at anytime.... but it's best that the
cookies be anable and securty is set to med.
Thanks 800.com
----------------------------------------------------
800.COM Call #: 178577
Caller: - Oliver Wagner
Phone:
Summary:
9/8/99 5:55:04 PM GGRAYS
Hi,
this is a technical problem regarding the web server which serves
www.800.com.
There is a rather bizarre bug in the initial cookie check when hitting
www.800.com for the first time:
The first referal script does NOT issue a Set-Cookie: HTTP response line
when the User-Agent: of the initial request doesn't exactly match
"Mozilla/4.0" as issued by MSIE and Navigator.
Instead, a simple "302" status is returned, with the Location: of
the cookie check script, which obviously does NOT find a cookie,
and then is further refered to the nocookies.asp script.
The net result is that people who are trying to browse www.800.com
with a different browser are unable to process past the cookie check,
even if their browser would support Cookies fine.
The bug can easily be reproduced using telnet and doing a minimal
HTTP request like
GET / HTTP/1.1
Host: www.800.com
You will see that the response contains no Set-Cookie:.
I suggest that you issue a standard HTTP compliant Set-Cookie: header
in case the initial request is done by a "unknown" User-Agent:, so
that people can procede properly.
Thanks,
Olli
------- End of forwarded message -------
____________________________________________________________
Voyager Mailing List - Info & Archive: http://www.vapor.com/
For Listserver Help: <[EMAIL PROTECTED]>, "HELP"
To Unsubscribe: <[EMAIL PROTECTED]>, "UNSUBSCRIBE"
