Feature #1455
closedpatch for mod_usertrack to use of expires versus max-age
Description
My company has had a need recently to issue cookies with a decently sized max-age (1 year). With the value for max-age being a unsigned short in mod_usertrack, and being issued in seconds, we couldn't use a value that large (would exceed the boundries of a unsigned short).
At first, we made a patch to mod_usertrack for that value to be an unsigned long, so we could set a value that large. The problem was that it seemed that only Firefox was RFC compliant, or at least it was the only one honoring max-age as a non-temporary cookie.
Looking at how Google was setting cookies, they were setting the expires header versus max-age. We created a new patch to issue expires, and also setting the value for max-age to months, versus seconds.
From our config:
# the max-age value is set in months usertrack.cookie-max-age = 12
The patch is attached, if you feel it acceptable, we'd love to have it integrated into the main source.
Files
Updated by MitchLewandowski about 17 years ago
Obviously you wouldn't need the commented versions of what we replaced (forgot we didn't remove those after we got it to work).
Updated by stbuehler about 16 years ago
- Target version changed from 1.4.20 to 1.4.21
Updated by icy almost 16 years ago
- Target version changed from 1.4.21 to 1.4.22
- Patch available set to Yes
Updated by stbuehler almost 16 years ago
- Target version changed from 1.4.22 to 1.4.23
Updated by stbuehler over 15 years ago
- Target version changed from 1.4.23 to 1.4.24
Updated by stbuehler about 15 years ago
- Status changed from New to Wontfix
- Assignee deleted (
jan) - Target version deleted (
1.4.24)
(T_CONFIG_INT solves the range problem)
Let me quote http://blogs.msdn.com/ieinternals/archive/2009/08/20/WinINET-IE-Cookie-Internals-FAQ.aspx:
Internet Explorer (including IE8) does not attempt to support any RFC for cookies.
Now if they would argue why max-age is a bad idea one could understand it. But i think max-age is the better parameter (expires requires synchronized clocks), and i don't care about stupid software; and the expires syntax if not rfc conform (unquoted value).
Updated by gstrauss 12 months ago
- ASK QUESTIONS IN Forums set to No
mod_usertrack is no longer part of the lighttpd base
For replacement, see lua mod_usertrack
Also available in: Atom