[Mailman-Developers] cookies

Ricardo Kustner ricardo@rixhq.nu
Thu, 11 May 2000 00:00:48 +0200


On Wed, May 10, 2000 at 11:04:11PM +0200, Harald Meland wrote:
> > > > i think thats a good point... it would safe some user questions if
> > > > MM tells exactly why the authorisation failed.
> > > While I agree that such a warning would be nice, I don't think it's
> > > possible to do such things with cookies.
> > it's possible to set a test cookie to see if cookies are
> > enabled...
> Ahh, I didn't even think of using multiple cookies :)
> If I understand you correctly, you're proposing something like this:
> Have I understood you correctly?  Does anyone think that implementing
> this (apart from my misunderstandings, of course :) would be a bad
> thing?
I haven't really thought about how it could be implemented exactly,
but since you can set multiple cookies at once, i was thinking about
something like this:
1) at the first access to the login page (which shows the password entry)
   a test cookie is set
2) after the password is submitted, a first check is done to see
   if the test cookie survived... if it's not there, it's safe to
   assume cookies are not working with this browser...
   if the test cookie exists, the password is checked, and a auth 
   cookie is generated (exactly like it works now)
you used 2 test cookies in your example, but i'm not sure if that's
necessary... or maybe I could forget something though :)
also, AFIAK, deleting a cookie can be done by re-setting it with
an empty value (though i believe there are some old versions of
either IE or Netscape which have a bug with this feature)

> And, while we're talking about cookies: Does anyone know whether
> switching from the cookie attribute "Expires" (which was part of the
> original Netscape cookie proposal) to the RFC2109 cookie attribute
> "Max-Age" is likely to cause any problems?
I'm not sure, but I don't trust browsers to be RFC compliant... after
all they always make up their own standards and expect others to follow
their innovations :)

> Of course, if there are any (major) browsers in use out there that
> doesn't understand Max-Age, it would be a bad idea to change Mailman.
this is the first time I've heard about Max-Age