75 lines
2.4 KiB
Plaintext
75 lines
2.4 KiB
Plaintext
Jan 2002, Jörgen Viksell - jorgen.viksell@telia.com,
|
|
Jorge Arellano Cid --
|
|
Last update: March 2010
|
|
|
|
|
|
==================
|
|
Cookies in Dillo
|
|
==================
|
|
|
|
The current specification for cookies is RFC 6265
|
|
( http://tools.ietf.org/html/rfc6265 ).
|
|
|
|
Cookies are handled by a dpi (plugin) which shares them between your
|
|
instances of Dillo.
|
|
|
|
Current cookie limits are: 20 per domain, and 1200 in total.
|
|
|
|
When the dpi exits, cookies that you have ACCEPTed are saved to
|
|
~/.dillo/cookies.txt, and ACCEPT_SESSION cookies are forgotten.
|
|
The dpi normally exits after a period of inactivity, but you can force it to
|
|
exit with the command "dpidc stop".
|
|
|
|
|
|
=====================
|
|
Controlling cookies
|
|
=====================
|
|
|
|
Out of the box, dillo rejects all cookies.
|
|
|
|
|
|
If you want to accept certain cookies, you can specify rules for different
|
|
domains in the file ~/.dillo/cookiesrc. The syntax looks like:
|
|
|
|
#host action
|
|
DEFAULT DENY
|
|
fltk.org ACCEPT
|
|
.host.com ACCEPT_SESSION
|
|
|
|
Line 0: Comment line begins with '#'.
|
|
Line 1: Deny all cookies from all domains not otherwise specified.
|
|
Line 2: Accept all cookies from fltk.org, and save them to
|
|
~/.dillo/cookies.txt when the cookies dpi exits.
|
|
Line 3: Accept all cookies from all subdomains of host.com, but
|
|
do not save them when the dpi exits.
|
|
|
|
|
|
If you are positive that you will never want any cookies, you can
|
|
configure/compile Dillo without cookie support. The option is:
|
|
./configure --disable-cookies
|
|
|
|
|
|
===================
|
|
Cookies & Privacy
|
|
===================
|
|
|
|
Cookies can be a severe threat to personal privacy. The pages you
|
|
visit can be tracked, logged, and associated to a personal data-record,
|
|
allowing the possibility of building a detailed profile of your
|
|
browsing habits.
|
|
|
|
This data is sold to companies that profit from direct use of such
|
|
information (SPAM, Spying, etc).
|
|
|
|
If this data is cross-referenced with other databases, they can end up
|
|
with more information than you have about yourself.
|
|
|
|
Some people may tell you this is "paranoid". But please, take my words
|
|
as those of someone who has written a web browser, a cookies implementation,
|
|
and who has deep understanding of HTTP and cookies.
|
|
|
|
The dillo project is especially concerned about privacy and security
|
|
issues. Our advice is to avoid cookies whenever possible and at most set
|
|
ACCEPT_SESSION to specific, trusted sites. -- You have been warned.
|
|
|