Cookie Crumbs

[DZBone 0]

This may be a school of red herrings, but it may help explain some of the odd login problems people are having.
These are all things I have observed using Mozilla 0.9.3 on RH Linux 7.1.
It seems like there are several different cookies that are used by dz.com to "remember" login information, but "Username" and "Password" seem to be the main ones. There is another (persistent) one called sid that may also be involved.
Anyway, at one point I had multiple copies of Username and Password (3 each), each with a different path associated with them (this is from memory, as I have since deleted them, but I think they were "/", "/cgi-bin/forums" and "/cgi-bin/forums/forum.pl"). Also, each of the Password entries were different (all mangled). I have never changed my password. There were also cookies under both "dropzone.com" and "www.dropzone.com".
OK, so I deleted all the cookies I could find for "dropzone.com" and "www.dropzone.com", and turned on "warn me before accepting cookies" to see what was going on. Unfortunately, Mozilla doesn't give all the information about each cookie like NS used to, but in any case...
When you log into the main front page, it sets Username and Password, however, the Password is not mangled. If you then go to the forums, it looks like you are logged in partially, as the unread counts of each forum are correct, but the "Login" and "New User" links are active. If you click on "Login", it sets cookies again, and this time Password is mangled. From here, things seem to work OK.
So, for what it's worth, there are a few things that are going on that may be causing trouble:
1. Old-skool cookies are left behind? I only guess this based on what I saw before I erased them all, and what new ones were added. This may be confising some browsers and/or the server scripts, if the wrong cookies are being read for data.
2. Different cookies for "dropzone.com" and "www.dropzone.com". This may also get things confused. It appears that the www prefix is wired into some of the pages, so if one browses to "dropzone.com", and the cookies are set for this domain, but then the pages link to "www.dropzone.com" which may also cause cookie confusion.
3. Mangled vs. Unmangled Password. My guess is that this would cause some confusion in the server scripts. How do they know what format it is in? It seems like some of the code either can deal with it, doesn't care, or ignores the Password cookie (uses "sid"?).
Like I say, a lot of this is from memory, and there are assumptions and leaps of logic here. Also, I am no expert on how various browsers and servers interpret ambiguous cookies, etc., but there may be something helpful here for diagnosing the ills.
Carl