NYTimes web cookies
Dr.Dimitri Vulis KOTM
dlv at bwalk.dm.com
Sun Jan 25 14:06:00 PST 1998
nobody at REPLAY.COM (Anonymous) writes:
> ghio at temp0199.myriad.ml.org (Matthew Ghio) wrote:
>
> > It doesn't check the PW or ID at all except the first time you log in.
> > After that it generates a new cookie titled NPLCNYT and that is the only
> > cookie it checks; the PW and ID are not required to be there at all.
> > If you delete the NPLCNYT cookie, it will check the PW/ID and generate
> > a new one. An example cookie is below:
> >
> > NPLCNYT=AAAALw>AAAAAX9IUUWiPhfALqHZuSh2mUM0yzNOwGRReAAAAAsAAAAAY3lwaGVycHVu
>
> I put this wafer in my junkbuster-configfile and disabled all other cookies,
> and NYTimes let me in without asking for a password, but after I read a few
> articles, the site started behaving strangely, where the server would seem
> to hang on certain pages, taking forever to send the html.
I played around with nytimes.com some more and I'm certain that it does check
for the presense the ID= in the cookie (but not the value).
Apparently the following 2 is necessary and sufficient:
NPLCNYT=(whatever it tried to set it to)
ID=(anything; I used ID=0 to save bandwidth)
With ID=0, it says "welcome, 0" of the first page and I see no problems.
> Interesting though. Maybe we should hold a cypherpunks 'potluck' where
> everyone trades cookies. :)
A good idea. here are more of mine:
#.reference.com
wafer userid=cypherpunks at bwalk.dm.com
wafer passwd=cypherpunks
(I haven't been able to register cypherpunks at algebra.com on reference.com)
# amazon.com cypherpunks at algebra.com cypherpunks
wafer group_discount_cookie=F
wafer session-id=1451-4798095-404463
wafer session-id-time=886320000
wafer ubid-main=3578-1328899-434066
wafer cf=c90fe571f7b5f873
By the way, junkbuster does NOT strip cookies in secure http. Be careful.
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
More information about the cypherpunks-legacy
mailing list