From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from resqmta-ch2-01v.sys.comcast.net (resqmta-ch2-01v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:33]) by hurricane.the-brannons.com (Postfix) with ESMTPS id E674677C8C for ; Sat, 19 Dec 2015 05:24:25 -0800 (PST) Received: from resomta-ch2-10v.sys.comcast.net ([69.252.207.106]) by resqmta-ch2-01v.sys.comcast.net with comcast id vRQT1r0012JGN3p01RQTE1; Sat, 19 Dec 2015 13:24:27 +0000 Received: from eklhad ([IPv6:2601:405:4001:e487:21e:4fff:fec2:a0f1]) by resomta-ch2-10v.sys.comcast.net with comcast id vRQS1r00N2MDcd701RQSoa; Sat, 19 Dec 2015 13:24:26 +0000 To: Edbrowse-dev@lists.the-brannons.com From: Karl Dahlke Reply-to: Karl Dahlke References: <20151218202619.GA5465@acer.attlocal.net> User-Agent: edbrowse/3.6.0+ Date: Sat, 19 Dec 2015 08:24:26 -0500 Message-ID: <20151119082426.eklhad@comcast.net> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1450531467; bh=o7nj+QZGD3106sgsAPK3RjaODjyz8KQF8rSrekbHnQ4=; h=Received:Received:To:From:Reply-to:Subject:Date:Message-ID: Mime-Version:Content-Type; b=chf6EmuTIW97Vip8p54hA+mUT/dz3nM1VtZ7+CN7/3MONcX4bAbZpMKEK60KCA8Fr OM6GLl+5gyR84rzjpFfSv+9+ufgvSAWaq5nzG8hz0sT9sHzI1bbQrwAAM9YxJsB6X6 PjDyCR5AgDlyoEiqsB1i0rqExe20p9hX0Zvlx3zXWUIhueUY0LnItp6ZgwezhgO6s9 R/Z9EQrvyIQMLdIoP62M8YN/G41IAOQVU2FfM96UQIPYGLXIUNOHvdWcCznfafPF+n Aeljn5UkXTD4Xs8usVun0IS//1BXlVCQunOwm+wLkD3F2E3xDyjt56viA+a9G0XdRS 0hbois0UNCgBQ== Subject: [Edbrowse-dev] Accessing fastmail X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Dec 2015 13:24:26 -0000 Chuck, this sort of error > There was a session security key mismatch. is almost certainly a cookie problem. Websites set cookies that "remember" the session and if the cookie is not returned in kind the server invalidates the session. This goes back to another email posted, wherein the login button has an onsubmit function that sets the cookie, probably the session cookie described above. So I imagine this session cookie is not set properly in js, back to edbrowse, and into curl, or some such. The cookie code posted seems incompatible with what the document.cookie settter function expects. use_classic=1;max-age=604800;expires=Fri, 25 Dec 2015 01:52:50GMT;path=/ All run together no spaces. However, look through the foldinCookie() function in jseng-moz.cpp. I think it expects spaces after the semis though that isn't the problem, it definitely expects a tab between the cookie itself and the expires path attributes. In other words, I'm not sure this is netscape cookie format. 1. What can really be fed to document.cookie in js. 2. Did you post this per characters, is this really the string that foldinCookie has to swallow? 3. If yes then how does it magically know what are cookies and what are cookie attributes, without the tab? Again I don't have a login here, but Maybe Kevin and Chuck can answer some of these, and Chris as our resident cookie expert. Again, if we fix this problem for this site a lot of other sites will start working; the session cookie is a very common strategy on the internet. Karl Dahlke