Feature #1455

patch for mod_usertrack to use of expires versus max-age

Added by MitchLewandowski about 8 years ago. Updated over 6 years ago.

Target version:
Start date:
Due date:
% Done:


Missing in 1.5.x:


My company has had a need recently to issue cookies with a decently sized max-age (1 year). With the value for max-age being a unsigned short in mod_usertrack, and being issued in seconds, we couldn't use a value that large (would exceed the boundries of a unsigned short).

At first, we made a patch to mod_usertrack for that value to be an unsigned long, so we could set a value that large. The problem was that it seemed that only Firefox was RFC compliant, or at least it was the only one honoring max-age as a non-temporary cookie.

Looking at how Google was setting cookies, they were setting the expires header versus max-age. We created a new patch to issue expires, and also setting the value for max-age to months, versus seconds.

From our config:

# the max-age value is set in months
usertrack.cookie-max-age = 12

The patch is attached, if you feel it acceptable, we'd love to have it integrated into the main source.

lighttpd-usertrack-expires.patch Magnifier (1.28 KB) MitchLewandowski, 2007-11-14 21:04

Associated revisions

Revision 2641
Added by stbuehler over 6 years ago

mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455)


#1 Updated by MitchLewandowski about 8 years ago

Obviously you wouldn't need the commented versions of what we replaced (forgot we didn't remove those after we got it to work).

#2 Updated by stbuehler over 7 years ago

  • Target version changed from 1.4.20 to 1.4.21

#3 Updated by icy about 7 years ago

  • Target version changed from 1.4.21 to 1.4.22
  • Patch available set to Yes

#4 Updated by stbuehler almost 7 years ago

  • Target version changed from 1.4.22 to 1.4.23

#5 Updated by stbuehler over 6 years ago

  • Target version changed from 1.4.23 to 1.4.24

#6 Updated by stbuehler over 6 years ago

  • Status changed from New to Wontfix
  • Assignee deleted (jan)
  • Target version deleted (1.4.24)

(T_CONFIG_INT solves the range problem)

Let me quote

Internet Explorer (including IE8) does not attempt to support any RFC for cookies.

Now if they would argue why max-age is a bad idea one could understand it. But i think max-age is the better parameter (expires requires synchronized clocks), and i don't care about stupid software; and the expires syntax if not rfc conform (unquoted value).

Also available in: Atom