[BRLTTY] OT: lynx and cookies
Sébastien Hinderer
Sebastien.Hinderer at ens-lyon.org
Fri May 9 03:39:29 EDT 2008
Hi,
Dave Mielke (2008/05/08 16:28 -0400):
> [quoted lines by Sébastien Hinderer on 2008/05/08 at 11:04 +0200]
>
> >Set-Cookie: PREF=ID=2d60fd05ac64fe72:TM=1210232535:LM=1210232535:S=dJhRGb-xp7pSLB6e; expires=Sat, 08-May-2010 07:42:15 GMT; path=/; domain=.google.fr
> >Set-Cookie: SS=Q0=bGludXg; path=/search
> >
> >As far as I understand it, the first one is invalid because its path
> >attribute is not a prefix of the requested URL path, which is /search.
>
> Perhaps that's a matter of opinion. The first cookie says (without the quotes)
> "path=/", which, to me, means that it's a cookie which aplies to the whole
> site. I'd think that "/" is a valid prefix of all paths at the site.
Indeed, but the path specified in the cookie is supposed to has as
prefix the path sent by the browser as the requested URL. Quoting
RFC2109, section 4.3.2 :
To prevent possible security or privacy violations, a user agent
rejects a cookie (shall not store its information) if any of the
following is true:
* The value for the Path attribute is not a prefix of the request-
URI.
Of course, one may very well discuss whether the choicemade here is a
good one or not, and this is certainly a matter of opinion. But it also
appears to me that as far as Google's website is concened, the problem
is just that they do not follow the standard, which has, according to
me, nothing to do with opinions.
Sébastien.
More information about the BRLTTY
mailing list