[pkg-lynx-maint] Bug#820485: lynx: Cookie handling at odds with RFC 6265
Andy Valencia
ajv-691-118-1432 at vsta.org
Fri Apr 8 22:48:20 UTC 2016
Package: lynx
Version: 2.8.9dev1-2+deb8u1
Severity: normal
RFC 6265 cleared up some older ambiguities with respect to different
ports on the same web server host. Specifically:
> cookies for a given host are shared across all the ports on that host, even
> though the usual "same-origin policy" used by web browsers isolates content
> retrieved via different ports.
and:
> Cookies do not provide isolation by port. If a cookie is readable by a
> service running on one port, the cookie is also readable by a service running
> on another port of the same server.
Lynx should converge on this mandated behavior in its cookie treatment,
rather than enforcing distinct cookies for each port. I often use
Lynx for quick-n-dirty application server invocations but I'm working
on an app which is decomposed into distinct processes and this non-
standard behavior makes Lynx unusable in this environment.
-- System Information:
Debian Release: 8.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968)
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lynx depends on:
ii lynx-cur 2.8.9dev1-2+deb8u1
lynx recommends no packages.
lynx suggests no packages.
-- no debconf information
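
The RFC 6265 behaviour quoted in the report, as an added example that is not taken from Lynx's source or from the reporter: a minimal cookie lookup in C that matches on host and path and discards the port. The struct, function names and sample jar are constructed for illustration; IPv6 literals and IP-address hosts are not handled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct cookie {
    const char *name, *value, *domain, *path; /* domain never carries a port */
    bool host_only;                           /* no Domain attribute was sent */
};

/* RFC 6265 5.1.3: equal, or host ends in "." + domain. */
static bool domain_match(const char *host, const char *domain) {
    size_t hl = strlen(host), dl = strlen(domain);
    if (strcasecmp(host, domain) == 0) return true;
    return hl > dl && host[hl - dl - 1] == '.' && strcasecmp(host + hl - dl, domain) == 0;
}

/* RFC 6265 5.1.4: cookie path equals the request path or is a prefix ending at "/". */
static bool path_match(const char *req, const char *cpath) {
    size_t cl = strlen(cpath);
    if (cl == 0 || strncmp(req, cpath, cl) != 0) return false;
    return req[cl] == '\0' || cpath[cl - 1] == '/' || req[cl] == '/';
}

/* Value of cookie `name` for this request, or NULL; the ":port" of `authority` is ignored. */
const char *cookie_for(const struct cookie *jar, size_t n, const char *authority,
                       const char *path, const char *name) {
    char host[256];
    size_t len = strcspn(authority, ":");   /* length of the host part only */
    if (len >= sizeof host) return NULL;
    snprintf(host, sizeof host, "%.*s", (int)len, authority);
    for (size_t i = 0; i < n; i++) {
        const struct cookie *c = &jar[i];
        bool dom = c->host_only ? strcasecmp(host, c->domain) == 0
                                : domain_match(host, c->domain);
        if (dom && path_match(path, c->path) && strcmp(c->name, name) == 0)
            return c->value;
    }
    return NULL;
}

/* Constructed sample jar: "sid" was set by a response from app.example.test:8000. */
static const struct cookie SAMPLE_JAR[] = {
    { "sid", "abc123", "app.example.test", "/", true },
    { "pref", "dark", "example.test", "/ui", false },
};
int main(void) {
    puts(cookie_for(SAMPLE_JAR, 2, "app.example.test:8001", "/api", "sid") ? "sid sent to :8001" : "sid withheld");
}
```

A jar that adds the port to its lookup key would return NULL for the `:8001` request, which is the per-port separation the report describes.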