On 01/06/10 20:10, Gary Poster wrote: > I diagnosed a bug last week: > https://bugs.edge.launchpad.net/launchpad-foundations/+bug/586908 . > > I tried to give a concise but complete description of that problem in > that bug. To sum up, people can't authenticate using Lynx on > launchpad.net (but *.launchpad.net, including edge.launchpad.net, is > fine). It appears to be because Lynx interprets Cookie > domain-matching using a stricter reading of the pertinent RFC than > most browsers do. ... > Moreover, what Lynx is doing is at least arguably correct.
I agree it's correct according to the RFC. However, I can't help thinking that the RFC is silly to define it that way. If major GUI browsers have decided that the RFC is silly too, perhaps we should initiate a discussion with the Lynx maintainers on matching that behaviour. The RFC's behaviour forbids example.com and foobar.example.com from sharing cookies, if I'm reading it correctly, which seems incomprehensible to me. ... > Other approaches considered: > > - Try to get Lynx upstream to change behavior. This does not solve > existing installations. It seems worth a try, at least. If every other popular browser does it another way, and there's no underlying rationale for what the RFC says, and there *is* a rationale for deviating from the RFC, that's a fairly potent argument to ignore the RFC. Max.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
