Where's my cookie?

[ProxRocks]

i'm "in process" as i type...

just picked up a 3-pack of 2GB thumb drives and in-process of trying a install-from-thumb-drive... technically, i only need a 1GB, but the 3-pack was CHEAPER than ONE 1GB, lol...

UNFORTUNATELY, the thumb drives do NOT "spec" transfer rates on their packages... the "up to 480" is a marketing *SCAM*, but "don't get me started", Odd wouldn't want me blasting any non-minimalist earfuls, lol...

[Oddysey]

Who am I to be the "Proper Forum Police"? Look how long this thread has been off topic!

Oh, wait.... yeah, I'm an Admin, I guess I do have the power. But hey, what's a little power for, if not to be used for the benefit of all and sundry, this time by slightly ignoring the rules.

Post away, ProxRocks, maximum throttle!

If those are Sandisk Cruzers from Costco, they'll work just fine. Just be aware that they carry some malware on 'em. Make sure that AutoPlay is turned off before you jack them in, eh?


Oddysey

[ProxRocks]

no prob's there, i *NEVER* allow "auto-play"...


my attempts have been in vane...
what am i missing here?

i can BOOT from the USB, but i want to INSTALL from that USB, i can "boot" from an ANCIENT 1.44MB disk, whooptie doo...

maybe it's because i have NEVER used BartPE before and i'm "clueless" and i've done something 'not right'...


guess i'll Google-around...



update: it's "official" - i'm GIVING UP!!! i'm returning the 3-pack in the AM... after trying three DOZEN different user-posted methods found in cyberspace, i can't get these D@MN things (PNY 2GB Attache's) to do anything but BOOT from... and i'm certainly NOT about to buy another set just to see if it's the "brand" of thumb drive or something... these did, after all, "boot from"... but whooptie freakin' doo, i can "boot" from a 5.25 if you wanted me to...

[Oddysey]

Back on topic.....

I've reinstalled WXPSP2, which restored all "proper" locations for such things as Temporary Internet Files, History, and of course, Cookies. And yet I still am not getting any cookies from this forum's server. I've saved all the cookies from my previous box, the one with W98SESP1 on it, but the aforementioned server doesn't recognize either of them.

I'd really like to know what's going on here. You guys all say that you're getting cookie requests, and that you have a prxbx cookie (at least one, possibly more) stored on your drives, but when I look at the Log window (while visiting this site), I don't see any headers that mention cookies. I know that function works, I can see them as they occur on any other site I visit - only this one forum fails to send a cookie, or ask to see a cookie.

Vewy, vewy stwange.



Oddysey

[lnminente]

What did you test?
With and without IE motor based?
With and without proxomitron?

[ProxRocks]

if you are using sidki's config, activate the "Display Important Info 6.08.01 (fail) [sd] (d.0)", clear cache and refresh, now tell us if the "cookies" mouse-hover at the very bottom of the page, on the left, has a line through it, like this, or not...

if it has a line through it AND you are logged in under your username, then you are FAKING your cookie and you should **NOT** have ANY cookies stored, none, naughta, zip...

[Oddysey]

> What did I test?

I tested whether or not I'm getting any cookies from this website.

> With and without IE motor based?

IE doesn't have any motors, just an engine. And it's the only one I use.... I accept no substitutes.

> With and without proxomitron?

Both. Makes no difference, Proxo on, Proxo bypassed, Proxo out of the loop entirely (IE port set to 80, etc.)

> if you are using sidki's config......

Fail. As shown above, no matter what config set is loaded, I get the same results, just as no Proxo makes no difference.

The summary is the same as the story - I don't get no steenkin' cooookie!


Oddysey

[ProxRocks]

if you are not "faking" your cookie AND you ARE being logged in under your username, then you ARE sending/receiving a cookie, you simply can NOT log in under your username, post replies under your username, et cetera without a cookie... you HAVE a cookie, else you could NOT post under your username...

there are SEVERAL places within WinXP that cookies are stored, have you checked them ALL?

and for good-golly G's sake, whatever you do, do *NOT* "copy" one cookie from one machine and "paste" it into another, they simply do NOT "work" that way...
let each and every machine "write" its OWN cookie...


ps: when you figure out what's goin' on, let me know, 'cause if you "accidentally" stumbled into a way to browse "cookie-less", i want to know how 'cause i *DESPISE* cookies and would prefer *NOT* to have *ANY* (esecially Yahoo, one of like only THREE that i 'need' to ALLOW)...

[Graycode]

This site uses session cookies that browsers keep in memory. Session cookies are not written to a file, so you're not going to find cookie files for it. When you exit the browser then session cookie values vanish. If the site wanted your browser to remember values tomorrow or next year then the Set-Cookie: headers would have a expires= date in the future, and those would be stored in a file.

Here's a view showing this site's HTTP headers with cookie settings:
http://mbn.dk/q/?method=GET&url=http%3A%...tra=&vars=

Compare that to Google, which expires in 2 years and your browser will store that in a cookie file:
http://mbn.dk/q/?method=GET&url=http%3A%...tra=&vars=

Live.com various cookies expire in 7 to 10 years would be stored in a cookie file.
http://mbn.dk/q/?method=GET&url=http%3A%...tra=&vars=

[ProxRocks]

ah, forgot about "session only"...

is there a "remember me" option when you log into this form?
that should set the cookie's timestamp to a date in the future and prevent it from being a "session-only" cookie...


(me? i use a fake cookie, so i have no clue 'cause i "never" need to log in )

[Oddysey]

Graycode;

The way I read RFC2965 is that session cookies may be non-cached (as you say, in memory only), but that's not a requirement. Indeed, the spec does recommend that the UserAgent cache all state-tracking mechanisms (IOW, cookies), unless there is a security issue (multiple users of a machine, for instance).

Further, I do see session cookies in my cache, from other sites. And just as important, when I visit other sites, and I happen to view the log window, I see cookies coming through that are identified as session-only. No such thing occurs here at TUOPF. (At least, not for me.)

And to put the final nail in the coffin, if session cookies were held only in memory, then ProxRocks' faked cookies would never be read at all.

~!~!~!~!~!~
ProxRocks;

Do I see a box that says "Remember me"? No, that's something I mentioned in my first or second post in this thread. It's never appeared on my laptop's screen. That right there is cause for concern, at least to me.

So I thought it might be the User-Agent, the server might be sending me an incorrect page, based on whatever I'm sending in that string. So I faked that (thanks, Jak!), and no difference - still no "Remember me" link.

Frankly, I'm astounded at all this. Seems absolutely straightforward, no different than a million other XP users, but here I am, broken-hearted. At least I can sign in manually each time I visit, so it's a good thing I paid attention in Typing 101, way back when, eh?



Oddysey

[ProxRocks]

i'm running out of clues...

are you running any cache-CRAP like "DNSKong"?
do you have any third-party "cookie managers"?

[lnminente]

(Dec. 15, 2008 06:05 AM)Oddysey Wrote:  IE doesn't have any motors, just an engine. And it's the only one I use.... I accept no substitutes.

:P!!!! hehehe
Neither give a try to opera usb for example? Later you can delete it, it's only for localizing the problem

[ProxRocks]

trying a non-IE browser "should" help us narrow down if your cookie problem is related to your Proxo config...

ie, i just remembered, sidki has a header filter entitled "Set-Cookie: 5 Make Cookies Session only 8.01.01 (cch!) [srl sd] (d.r) (In)"...

now, whether the session-only is "memory-only" or "temporary cache" is another point-to-ponder...

[Graycode]

(Dec. 18, 2008 03:54 AM)Oddysey Wrote:  The way I read RFC2965 is that session cookies may be non-cached (as you say, in memory only), but that's not a requirement. Indeed, the spec does recommend that the UserAgent cache all state-tracking mechanisms (IOW, cookies), unless there is a security issue (multiple users of a machine, for instance).

RFC2965 describes the Set-Cookie2: header, different than the more commonly used Set-Cookie: without the '2'.

A browser storing long-term values from Set-Cookie: is dictated by the "expires=" date attribute.

A browser storing long-term values from Set-Cookie2: is dictated by the "Max-Age=" attribute, and it might optionally also contain "expires=". See section 3.3 of that RFC2965. It specifically states that if there is no Max-Age specified in the Set-Cookie2: header then "The default behavior is to discard the cookie when the user agent exits."

I don't know what Proxo does or doesn't do for those headers to avoid long-term tracking via cookies. What my proxy normally does for those headers is:
1) Strip out the "expires=" attribute when its specified date is in the future (setting an old expires date is the method by a server telling a browser to delete a cookie, as commonly happens when logging Out of a site).
2) Strip out the "Max-Age=" attribute when its specified value is not zero (setting zero is the method by a server telling a browser to delete a cookie).

Beyond those headers, there's also javascript methods that can assign & manipulate browser cookies.

(Dec. 18, 2008 03:54 AM)Oddysey Wrote:  And to put the final nail in the coffin, if session cookies were held only in memory, then ProxRocks' faked cookies would never be read at all.

Those faked cookies are being added by Proxo, they are not coming from a browser's storage.