patch for mod_usertrack to use of expires versus max-age
My company has had a need recently to issue cookies with a decently sized max-age (1 year). With the value for max-age being a unsigned short in mod_usertrack, and being issued in seconds, we couldn't use a value that large (would exceed the boundries of a unsigned short).
At first, we made a patch to mod_usertrack for that value to be an unsigned long, so we could set a value that large. The problem was that it seemed that only Firefox was RFC compliant, or at least it was the only one honoring max-age as a non-temporary cookie.
Looking at how Google was setting cookies, they were setting the expires header versus max-age. We created a new patch to issue expires, and also setting the value for max-age to months, versus seconds.
From our config:
# the max-age value is set in months usertrack.cookie-max-age = 12
The patch is attached, if you feel it acceptable, we'd love to have it integrated into the main source.
#6 Updated by stbuehler over 6 years ago
- Status changed from New to Wontfix
- Assignee deleted (
- Target version deleted (
(T_CONFIG_INT solves the range problem)
Internet Explorer (including IE8) does not attempt to support any RFC for cookies.
Now if they would argue why max-age is a bad idea one could understand it. But i think max-age is the better parameter (expires requires synchronized clocks), and i don't care about stupid software; and the expires syntax if not rfc conform (unquoted value).
Also available in: Atom