[WEB4LIB] Re: Got Milk? Got Cookies? Got Authentication?

Richard Goerwitz richard at goon.stg.brown.edu
Mon Jan 11 20:55:26 EST 1999


lydia wrote, regarding Harvard's URL-rewriting proxy system:

> Actually, rewriting cookies in a URL-rewriting system _is_ possible if
> you're willing to mess with the HTTP headers as well as just the HTML
> source. The current Harvard proxy system does have this functionality,
> and it handles cookies just fine. We simply rewrite cookies along with
> rewriting URLs.

Just curious:  How to you handle domain-restricted cookies?  E.g., if I'm
a vendor with servers in the foo.bar.com domain (e.g., www.foo.bar.com,
ejournals.foo.bar.com, dbases.foo.bar.com), and my web server sends back
a domain=foo.bar.com cookie, how does the client know to send the cookie
back to your URL-rewriting server?  Or, assuming you rewrite the domain=
part of the cookie, how do you avoid the client massing cookies for the
URL rewriter?

Incidentally, we tried to get URL rewriting working here at Brown, and
never could get the blasted stuff to work satisfactorily, so (as I've
said to some of you guys in person), you deserve congratulations, along
with the UVa people, and others, on pulling it off.

> Now, trying to script a connection to a login-restricted system that
> requires cookies... _that_ is a problem.

By login-restricted, you mean that it requires a username and password,
I gather?  We have a system that's very different from yours.  Actually,
most libraries do.  Could you elaborate just a bit, for those of us out
here who are interested in such matters, on what the problems are?

-- 

Richard Goerwitz
PGP key fingerprint:    C1 3E F4 23 7C 33 51 8D  3B 88 53 57 56 0D 38 A0
For more info (mail, phone, fax no.):  finger richard at goon.stg.brown.edu


More information about the Web4lib mailing list