Forum OpenACS Q&A: Response to lynx, cookies and ACS sessions

Posted by Jonathan Marsden on
I see this behaviour too, using Lynx to browse and So as far as I can see, it is not you doing something wrong. You appear to me to have found a genuine bug.

Encoding the cookie values seems a good solution to me, though you'd have to allow for "converting" old non-encoded cookies too, unless you wish to break all current stored cookies!

Cookies are set in only 17 or so .tcl files within OpenACS 3.2.4. Hand hacking these places to use ns_urlencode would be pretty straightforward from a quick scan of the relevant code (do something like

   grep -ri Set-Cookie *

at the top of your ACS tree to find them).

Finding the places where cookies are searched for in the headers (to attempt decoding in each place) is marginally more interesting, but I suspect that something like

  egrep -ri "ns_set get .*Cookie" *

will find them, and again there are not too many places to hack in a call to ns_urldecode.