launchpad-dev team mailing list archive

[Max Bowsher <maxb@xxxxxxx>]

On 01/06/10 20:10, Gary Poster wrote:
> I diagnosed a bug last week:
> https://bugs.edge.launchpad.net/launchpad-foundations/+bug/586908 .
> 
> I tried to give a concise but complete description of that problem in
> that bug.  To sum up, people can't authenticate using Lynx on
> launchpad.net (but *.launchpad.net, including edge.launchpad.net, is
> fine).  It appears to be because Lynx interprets Cookie
> domain-matching using a stricter reading of the pertinent RFC than
> most browsers do.
...
> Moreover, what Lynx is doing is at least arguably correct.

I agree it's correct according to the RFC.

However, I can't help thinking that the RFC is silly to define it that way.

If major GUI browsers have decided that the RFC is silly too, perhaps we
should initiate a discussion with the Lynx maintainers on matching that
behaviour.

The RFC's behaviour forbids example.com and foobar.example.com from
sharing cookies, if I'm reading it correctly, which seems
incomprehensible to me.

...

> Other approaches considered:
> 
> - Try to get Lynx upstream to change behavior.  This does not solve
> existing installations.

It seems worth a try, at least. If every other popular browser does it
another way, and there's no underlying rationale for what the RFC says,
and there *is* a rationale for deviating from the RFC, that's a fairly
potent argument to ignore the RFC.

Max.

Attachment: signature.asc
Description: OpenPGP digital signature