[Sugar-devel] [PATCH] webactivity: seed the XS cookie at startup

Martin Langhoff martin.langhoff at gmail.com
Mon Feb 16 16:26:40 EST 2009


On Mon, Feb 16, 2009 at 9:36 PM, Simon Schampijer <simon at schampijer.de> wrote:
> Our registration URL is REGISTER_URL = 'http://schoolserver:8080/', wouldn't
> the right Domain than be 'schoolserver'? Since the cookie is about the
> registration with the schoolserver this makes most sense to me (the jabber
> server could be somewhere else).

Call me silly, but I really want to set it to the fqdn to avoid
exposing the cookie too much. Browse.xo homepage links to
http://schoolserver/ and that will match any wildcard dns entry,
needlessly pushing out info that is better kept quiet.

The XS will redirect to its own fqdn -- and there Browse.xo will send
the cookie.

> Well, all the calls in the try block are sqlite3 ones - if they fail - we
> catch it. If something else goes wrong - we want to fail and not hide ;p

This is of course a matter of style, and I'm not familiar with the
Sugar coding style. So with curiosity I ask... why? My PoV is that
this is an enhancement to the core function of Browse.xo . A
nice-to-have thing. If it fails (and noting that it happens at startup
time), it should not stop the user from getting the core functionality
of Browse.

> BTW: Is there a spec you used for the cookie format? I find field
> descriptions like expires - you name it expiry.

Well, there are some post-facto specs on the old 'cookies.txt' format,
but since it's moved to sqlite I don't think anyone has spec'd it.
Still, if you look at the cookies.txt formats, it is self-explanatory.

In terms of where I got the fieldnames from, I did:

$ cd .mozilla/firefox/2hrgnz74.default/
$ ls cookies.
cookies.sqlite  cookies.txt
$ sqlite3 cookies.sqlite
SQLite version 3.5.9
Enter ".help" for instructions
sqlite> .schema moz_cookies
CREATE TABLE moz_cookies (id INTEGER PRIMARY KEY, name TEXT, value
TEXT, host TEXT, path TEXT,expiry INTEGER, lastAccessed INTEGER,
isSecure INTEGER, isHttpOnly INTEGER);

and I copy/pasted that. That's how the semicolon sneaked in :-/

thanks!


m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Sugar-devel mailing list