On Tue, Aug 31, 2004 at 07:37:04PM +0400, Oleg Broytmann wrote:
> a problem. Of course I always set cookie and redirect to the same host:
...
> All of my web applications start with set-cookie/test-cookie pair of
> CGIs/scripts/whatever, and all browsers I have tested (all versions of
> lynx, links2, elinks, Mozilla, Opera, M$IE) passed the test.
>
> What am I doing wrong?!

Nothing. 3.3.6 only requires that cookies sent in the redirect be
ignored when the redirect is to a "third-party host", so a redirect to
a different URL at the same host is allowed, setting-cookies'ly.

    An unverifiable transaction is to a third-party host if its
    request-host U does not domain-match the reach R of the
    request-host O in the origin transaction.

    When it makes an unverifiable transaction, a user agent MUST
    disable all cookie processing (i.e., MUST NOT send cookies, and
    MUST NOT accept any received cookies) if the transaction is to a
    third-party host.

See? Clear as mud!

-- 
During much of that epoch [the thirties and early forties], I gained my
livelihood writing for the silver screen, an occupation which, like
herding swine, makes the vocabulary pungent but contributes little to
one's prose style.
    -- S J Perelman
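
Added example, not part of the original message and not code from any library: a sketch of the third-party test quoted above, using the definitions of "effective host name", "reach" and "domain-match" from RFC 2965 section 1 as read here. The function names and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def request_host(url):
    """Effective host name: lower-cased; dotless names get ".local"."""
    host = (urlsplit(url).hostname or "").lower()
    if host and "." not in host and not is_ip(host):
        host += ".local"
    return host

def reach(host):
    """Reach of H = A.B is ".B" when A has no dots and B has an interior
    dot or is "local"; otherwise the reach is H itself."""
    if is_ip(host):
        return host
    a, sep, b = host.partition(".")
    if sep and a and ("." in b.strip(".") or b == "local"):
        return "." + b
    return host

def domain_match(a, b):
    """A domain-matches B if the strings are equal, or A is a host domain
    name of the form N + B with N non-empty and B starting with a dot."""
    if a == b:
        return True
    if is_ip(a) or not b.startswith("."):
        return False
    return len(a) > len(b) and a.endswith(b)

def is_third_party(origin_url, target_url):
    """The 3.3.6 test: U does not domain-match the reach R of O."""
    o, u = request_host(origin_url), request_host(target_url)
    return not domain_match(u, reach(o))

if __name__ == "__main__":
    # Constructed URLs: origin transaction, then redirect target.
    origin = "http://www.example.com/set-cookie"
    for target in ("http://www.example.com/test-cookie",
                   "http://www.example.org/test-cookie"):
        print(target, "third-party:", is_third_party(origin, target))
```

Domain-match is not symmetric, so the argument order in is_third_party matters: the redirect target's host is matched against the reach of the origin's host, never the other way round.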