Cookies and Logins

[Yes, more from IJSM.org's WP Channel: All WordPress posts, all the time!]

While waiting with bated breath for WordPress MultiUser to come out at a 1.0 level, I have a conundrum: I can’t stay logged in to all of the RMFO-Blogs installations. I get the feeling that this is a cookie issue, but I’m not sure. Anyone who’s stared at the login code got any ideas? I’ve spent too much time fighting NASA property management regulations this week to stare at code.

Update: Insomnia at 0345 4 Mar 2005 led me to Google “maximum cookies per domain”; MSDN tells me that RFC 2109 tells user agents to keep at least 20 cookies per domain. The exact text from paragraph 6.3, emphasis mine:

6.3 Implementation Limits

Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents’ cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:

  • at least 300 cookies
  • at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
  • at least 20 cookies per unique host or domain name

User agents created for specific purposes or for limited-capacity devices should provide at least 20 cookies of 4096 bytes, to ensure that the user can interact with a session-based origin server.

The information in a Set-Cookie response header must be retained in its entirety. If for some reason there is inadequate space to store the cookie, it must be discarded, not truncated.

Applications should use as few and as small cookies as possible, and they should cope gracefully with the loss of a cookie.

This goes back to the same kind of behavior seen with the Mozilla Foundation radically limiting the number of cookies you can set. When I’m not battling insomnia, I should so file a Bugzilla bug.

Posted March 3rd, 2005 in WordPress by Geof F. Morris.

One comment:

  1. Jason:

    Geof, I just emailed you the answer, but for the sake of everyone else, there is now a pref in Mozilla and Firefox that allows you to modify the maximum cookies per host. To quote from my email:

    In the address bar of Mozilla or Firefox, type “about:config” and go there; you’ll see your configuration. Type “cookie” into the filter at the top, and you should get filtered down to those prefs related to cookies. Look for the line “network.cookie.maxPerHost” — if it’s not there, then again, the default is 50. If it IS there, edit it to whatever you want; if it’s not there, then right-click, choose New and then Integer, add it and make its value what you want it to be.

    Note that there’s another pref, “network.cookie.maxNumber”, that governs the TOTAL maximum number of cookies, and obviously the maxPerHost can’t exceed that.

    I totally agree that this is stupid, both to have any limits at ALL and to make those limits only changeable through this stupid interface, but once I “won” the fight to be able to modify the limits on the user side at ALL, I lost the energy to continue fighting to eradicate them altogether.
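To make the failure mode in the post and the comment concrete, here is an added example (not code from the post, the commenter, WordPress or Mozilla) that simulates a per-host cookie jar and shows which logins survive when several blog installations share one host. The host name, the cookie names and the oldest-first eviction policy are assumptions; RFC 2109 does not say which cookie a user agent drops when it hits its limit.

```javascript
// Toy per-host cookie jar. Eviction order (oldest first) is an assumption.
class CookieJar {
  constructor(maxPerHost = 20, maxBytes = 4096) {
    this.maxPerHost = maxPerHost; // cf. network.cookie.maxPerHost
    this.maxBytes = maxBytes;     // RFC 2109 6.3 minimum size per cookie
    this.hosts = new Map();       // host -> Map(name -> value), oldest first
  }

  // Returns false when the cookie is rejected, true when it is stored.
  set(host, name, value) {
    // Approximation: measure only NAME=VALUE, ignoring attributes.
    const size = new TextEncoder().encode(`${name}=${value}`).length;
    if (size > this.maxBytes) return false; // discarded whole, never truncated
    if (!this.hosts.has(host)) this.hosts.set(host, new Map());
    const jar = this.hosts.get(host);
    jar.delete(name);             // re-setting a cookie makes it the newest
    jar.set(name, value);
    while (jar.size > this.maxPerHost) {
      jar.delete(jar.keys().next().value); // evict the oldest cookie
    }
    return true;
  }

  has(host, name) {
    const jar = this.hosts.get(host);
    return jar !== undefined && jar.has(name);
  }
}

// Log in to blogCount installations on one host, two cookies each
// (hypothetical names), then report which installations still hold both.
function survivingLogins(blogCount, maxPerHost) {
  const host = "blogs.example";   // constructed host name
  const jar = new CookieJar(maxPerHost);
  for (let i = 1; i <= blogCount; i++) {
    jar.set(host, `blog${i}_user`, "user");
    jar.set(host, `blog${i}_pass`, "constructed-hash");
  }
  const alive = [];
  for (let i = 1; i <= blogCount; i++) {
    if (jar.has(host, `blog${i}_user`) && jar.has(host, `blog${i}_pass`)) alive.push(i);
  }
  return alive;
}

console.log(survivingLogins(12, 20)); // limit at the RFC 2109 minimum
console.log(survivingLogins(12, 50)); // limit at the default named in the comment
```

With twelve installations and a limit of 20, the two earliest logins are silently lost, which is why an application that relies on cookies for sessions has to treat a missing cookie as a normal condition and re-authenticate cleanly.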
