PDA

View Full Version : Cookie monster in iSiloX v4.2b2 (Windows)

Steve King
12-07-2004, 05:34 AM
I'm trying to pull Slashdot's RSS feed <http://slashdot.org/index.rss>, link depth of 1 to get comments as well as the articles. I enter my user information as a cookie (copied from Firefox). The first time this works perfectly; I get the feed and on the comments pages I can see that I'm logged in. When iSiloX saves the .ixl file, though, the cookie is erased. I have the cookie set to never expire. The "ReadOnly" flag is set, and I do not have "Discard" set. What's up?

Here are the cookies (one for for the host "slashdot.org", and one for the domain ".slashdot.org") that get eaten. If necessary I can provide before and after snapshots of the entire .ixl file.


<CookieOptions>
<SendCookies value="yes"/>
<ReceiveCookies value="yes"/>
<Cookies>
<Cookie>
<ReadOnly value="yes"/>
<DoNotSend value="no"/>
<Discard value="no"/>
<Secure value="no"/>
<Name>user</Name>
<Value>669212::EFof0hQ95bmJlN5VN0biWV</Value>
<Path>/</Path>
<Domain>.slashdot.org</Domain>
</Cookie>
<Cookie>
<ReadOnly value="yes"/>
<DoNotSend value="no"/>
<Discard value="no"/>
<Secure value="no"/>
<Name>user</Name>
<Value>669212::EFof0hQ95bmJlN5VN0biWV</Value>
<Path>/</Path>
<Domain>slashdot.org</Domain>
</Cookie>
</Cookies>
</CookieOptions>
Steve King
12-07-2004, 06:18 AM
Okay, I think I've tracked down this behavior to the way Slashdot invalidates cookies when you logout. What I was doing was logging in (using my browser) to the userid I use for skimming stuff to iSilo. I copied the cookie to iSiloX, then logged out. It seems that when you logout gracefully like this, Slashdot invalidates the previous login cookie. Good for security, that, but it makes it tough to grab for my PDA. Then when iSiloX connected, Slashdot saw the invalid cookie and just told iSiloX to delete it.

The workaround is that instead of logging out, I simply deleted the cookie from the browser's cache. Since I never actually logged out, the cookie remains valid and I can continue to use it in iSiloX.

So it's not actually an iSiloX problem after all. I do wonder, though, why a cookie marked "ReadOnly" in iSiloX can get deleted. I'm guessing that "ReadOnly" simply means that the contents can't be modified, but the entire thing can still be deleted?