Feature #1455


patch for mod_usertrack to use of expires versus max-age

Added by MitchLewandowski over 16 years ago. Updated 7 months ago.

Target version:


My company has had a need recently to issue cookies with a decently sized max-age (1 year). With the value for max-age being a unsigned short in mod_usertrack, and being issued in seconds, we couldn't use a value that large (would exceed the boundries of a unsigned short).

At first, we made a patch to mod_usertrack for that value to be an unsigned long, so we could set a value that large. The problem was that it seemed that only Firefox was RFC compliant, or at least it was the only one honoring max-age as a non-temporary cookie.

Looking at how Google was setting cookies, they were setting the expires header versus max-age. We created a new patch to issue expires, and also setting the value for max-age to months, versus seconds.

From our config:

# the max-age value is set in months
usertrack.cookie-max-age = 12

The patch is attached, if you feel it acceptable, we'd love to have it integrated into the main source.


lighttpd-usertrack-expires.patch (1.28 KB) lighttpd-usertrack-expires.patch MitchLewandowski, 2007-11-14 21:04
Actions #1

Updated by MitchLewandowski over 16 years ago

Obviously you wouldn't need the commented versions of what we replaced (forgot we didn't remove those after we got it to work).

Actions #2

Updated by stbuehler almost 16 years ago

  • Target version changed from 1.4.20 to 1.4.21
Actions #3

Updated by icy over 15 years ago

  • Target version changed from 1.4.21 to 1.4.22
  • Patch available set to Yes
Actions #4

Updated by stbuehler over 15 years ago

  • Target version changed from 1.4.22 to 1.4.23
Actions #5

Updated by stbuehler about 15 years ago

  • Target version changed from 1.4.23 to 1.4.24
Actions #6

Updated by stbuehler almost 15 years ago

  • Status changed from New to Wontfix
  • Assignee deleted (jan)
  • Target version deleted (1.4.24)

(T_CONFIG_INT solves the range problem)

Let me quote

Internet Explorer (including IE8) does not attempt to support any RFC for cookies.

Now if they would argue why max-age is a bad idea one could understand it. But i think max-age is the better parameter (expires requires synchronized clocks), and i don't care about stupid software; and the expires syntax if not rfc conform (unquoted value).

Actions #7

Updated by gstrauss 7 months ago

  • ASK QUESTIONS IN Forums set to No

mod_usertrack is no longer part of the lighttpd base
For replacement, see lua mod_usertrack

Actions #8

Updated by gstrauss 7 months ago

  • Status changed from Wontfix to Obsolete

Also available in: Atom