NYTimes web cookies

Dr.Dimitri Vulis KOTM dlv at bwalk.dm.com
Sun Jan 25 14:06:00 PST 1998



nobody at REPLAY.COM (Anonymous) writes:
> ghio at temp0199.myriad.ml.org (Matthew Ghio) wrote:
>
> > It doesn't check the PW or ID at all except the first time you log in.
> > After that it generates a new cookie titled NPLCNYT and that is the only
> > cookie it checks; the PW and ID are not required to be there at all.
> > If you delete the NPLCNYT cookie, it will check the PW/ID and generate
> > a new one.  An example cookie is below:
> >
> > NPLCNYT=AAAALw>AAAAAX9IUUWiPhfALqHZuSh2mUM0yzNOwGRReAAAAAsAAAAAY3lwaGVycHVu
>
> I put this wafer in my junkbuster-configfile and disabled all other cookies,
> and NYTimes let me in without asking for a password, but after I read a few
> articles, the site started behaving strangely, where the server would seem
> to hang on certain pages, taking forever to send the html.

I played around with nytimes.com some more and I'm certain that it does check
for the presense the ID= in the cookie (but not the value).

Apparently the following 2 is necessary and sufficient:
NPLCNYT=(whatever it tried to set it to)
ID=(anything; I used ID=0 to save bandwidth)

With ID=0, it says "welcome, 0" of the first page and I see no problems.

> Interesting though.  Maybe we should hold a cypherpunks 'potluck' where
> everyone trades cookies.  :)

A good idea. here are more of mine:

#.reference.com
wafer userid=cypherpunks at bwalk.dm.com
wafer passwd=cypherpunks

(I haven't been able to register cypherpunks at algebra.com on reference.com)

# amazon.com cypherpunks at algebra.com cypherpunks
wafer group_discount_cookie=F
wafer session-id=1451-4798095-404463
wafer session-id-time=886320000
wafer ubid-main=3578-1328899-434066
wafer cf=c90fe571f7b5f873

By the way, junkbuster does NOT strip cookies in secure http. Be careful.

---

Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps







More information about the cypherpunks-legacy mailing list