#i2p-dev (irc2p) | 2.8.0-7-rc | Checkin deadline Fri. Mar. 14 | ACTION REQUIRED git.idk.i2p account deletion http://i2pforum.i2p/viewtopic.php?t=1312 | Upcoming reviews Tuesdays 8 PM UTC #ls2: prop 169 Mar. 18; prop. 167 Apr 1; prop. 163 Apr. 15

#i2p-dev

/2023/09/18

Online: 61

@eyedeekay

&kytv

&zzz

+R4SAS

+RN

+StormyCloud

+T3s|4

+acetone

+dr|z3d

+hagen

+hk

+lbt

+orignal

+postman

+radakayot

+segfault

+wodencafe

Arch

Danny

DeltaOreo

FreefallHeavens_

Irc2PGuest10722

Irc2PGuest12249

Irc2PGuest18129

Irc2PGuest27222

Irc2PGuest54664

Irc2PGuest59134

Irc2PGuest86934

Irc2PGuest90091

Irc2PGuest92478

Leopold

Nausicaa

Onn4l7h

Onn4|7h

Sleepy

Soni

T3s|4_

Teeed

aeiou

aisle1

ardu

b3t4f4c3___

bak83

boonst

bpb

defaultnick

dickless

dr4wd3_

enoxa

eyedeekay_bnc

poriori_

profetikla

qend-irc2p

rapidash

shiver_

snow

solidx66

u5657

uop23ip

w8rabbit

x74a6

dr|z3d another theory, just a theory, regarding flash of white for snark, zzz, is that firefox is treating it as a separate domain on account of the separate cookie and isolating it. haven't researched it, just a theory. I doubt there's anything we can do to have snark share the console cookie?

zzz dr|z3d, pretty sure it's shared across webapps, you don't have to login separately for each webapp

zzz and it's shared domain

dr|z3d you may be right, just a theory. however, when I look at my cookie storage, I see 2 cookies, one for / and one for /susidns

dr|z3d we also have cookies being set for eepsites via jetty. I vaguely recall trying to turn those off, probably not what we want as default, may dive into it again.

zzz sure, eepsites are different

dr|z3d yup, just saying while we were on the subject of cookies. :)

dr|z3d and we should be ensuring all console/webap cookies are HttpOnly, no?

dr|z3d here, console is, susidns isn't. but maybe the susidns cookie shouldn't exist.

zzz we have a whole pile of code in RouterConsoleRunner to ensure all the webapps are on a common auth...

zzz not sure about separate cookies

zzz the httponly stuff, and cookies in general, is a huge mess iirc, because the jetty API changed completely from 9.3 to 9.4

zzz so we'd have to deal with both and have a big debian patch to make it work for both

dr|z3d yeah, I've always found jetty's cookie management to be less that intuitive, like most of jetty's configuration.

zzz I've looked at it a couple times and said nah, not worth it

zzz if firefox clamps down we;ll take another look

orignal zzz, what's wrong with XU?

orignal you might have very good bandwidth no ipv4

orignal *but