hc-dev mailing list archives

From Oleg Kalnichevski <o.kalnichev...@dplanet.ch>
Subject Re: Bad cookie header: illegal domain attribute
Date Mon, 02 Dec 2002 20:14:23 GMT
Mike


I do not want to turn into some sort of cookie Taliban or Revolutionary
Guards here and decide for others how they may want to have their cookie
served. I think there should be a way to turn off the validation, even
though it does not quite make sense to me.

Anyhow, the cookie class is in need of a better design. I'll try to
restructure the Cookie class more radically. However, there's no
guarantee that the patch will be accepted.

Cheers

Oleg


On Mon, 2002-12-02 at 19:12, Mike Bowler wrote:
>   Hi Oleg,
> 
>  > PS: Stuff sent by IE does not count. I am surprised it has not
>  > included your credit card number into that HTTP request.
> 
> :-)
> 
> This next dump is from mozilla 1.1
> 
>  > Are you absolutely positive that this cookie does originate from
>  > Mozilla and is not added later by some "man in the middle" system?
> 
> The sniffer I'm running (ethereal) is on the same machine as Mozilla and 
> from looking at ip addresses, it would certainly appear that the request 
> really is coming from this machine.  I'm no expert on forging addresses 
> but it looks legitimate to me.
> 
> ===============================
> GET /ecp/index.html HTTP/1.1
> Host: test2.ecp.toyota.ca
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
> Accept-Language: en-us, en;q=0.50
> Accept-Encoding: gzip, deflate, compress;q=0.9
> Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
> Keep-Alive: 300
> Connection: keep-alive
> 
> HTTP/1.1 401 Authorization Required
> Date: Mon, 02 Dec 2002 17:59:14 GMT
> Server: Apache/1.3.14 (Unix)
> WWW-authenticate: basic realm="ECP [12:59:14:4625]"
> Set-Cookie: SMCHALLENGE=YES; path=/; domain=.toyota.ca
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
> Transfer-Encoding: chunked
> Content-Type: text/html; charset=iso-8859-1
> 
> 1df
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <HTML><HEAD>
> <TITLE>401 Authorization Required</TITLE>
> </HEAD><BODY>
> <H1>Authorization Required</H1>
> This server could not verify that you
> are authorized to access the document
> requested.  Either you supplied the wrong
> credentials (e.g., bad password), or your
> browser doesn't understand how to supply
> the credentials required.<P>
> <HR>
> <ADDRESS>Apache/1.3.14 Server at tcisudev02.tci.toyota.com Port 80</ADDRESS>
> </BODY></HTML>
> 
> 0
> 
> GET /ecp/index.html HTTP/1.1
> Host: test2.ecp.toyota.ca
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
> Accept-Language: en-us, en;q=0.50
> Accept-Encoding: gzip, deflate, compress;q=0.9
> Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
> Keep-Alive: 300
> Connection: keep-alive
> Authorization: Basic <snipped>
> Cookie: SMCHALLENGE=YES
> ===============================
-- 
Oleg Kalnichevski <o.kalnichevski@dplanet.ch>
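
The capture quoted above, worked through as an added example (not code from the original message or from HttpClient). It assumes the validation under discussion is the set of Domain rejection rules in RFC 2109 section 4.3.2, and compares that strict check with a hypothetical lenient mode; all function names and the `.example.com` value are illustrative.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, dom):
    """RFC 2109 section 2: identical strings, or host = N + dom with dom starting with a dot."""
    if host == dom:
        return True
    return not _is_ip(host) and dom.startswith(".") and host.endswith(dom)

def rfc2109_domain_violations(request_host, domain):
    """List the section 4.3.2 rejection rules that the Domain attribute breaks."""
    host, dom = request_host.lower(), domain.lower()
    problems = []
    if not dom.startswith("."):
        problems.append("domain does not start with a dot")
    if "." not in dom.strip("."):
        problems.append("domain has no embedded dot")
    if not domain_match(host, dom):
        problems.append("request host does not domain-match")
    elif host != dom and "." in host[: -len(dom)]:
        # host = H + D and H itself contains a dot
        problems.append("host minus domain contains a dot")
    return problems

def lenient_accepts(request_host, domain):
    """Hypothetical relaxed mode: leading dot optional, any subdomain depth allowed."""
    host, dom = request_host.lower(), domain.lower().lstrip(".")
    if _is_ip(host) or "." not in dom:
        return False  # still refuse IP hosts and bare top-level domains
    return host == dom or host.endswith("." + dom)

def accept_cookie(request_host, domain, strict=True):
    """strict=True applies RFC 2109; strict=False is the assumed 'validation off' switch."""
    if strict:
        return not rfc2109_domain_violations(request_host, domain)
    return lenient_accepts(request_host, domain)

if __name__ == "__main__":
    host = "test2.ecp.toyota.ca"  # request host from the capture above
    for dom in (".toyota.ca", ".ecp.toyota.ca", ".example.com", ".ca"):
        print(dom, rfc2109_domain_violations(host, dom),
              accept_cookie(host, dom, strict=False))
```

Even with strict validation switched off, the lenient mode here keeps the checks that stop a host from setting cookies for an unrelated or top-level domain.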

