Project

General

Profile

Actions

Feature #1455

closed

patch for mod_usertrack to use of expires versus max-age

Added by MitchLewandowski about 17 years ago. Updated 12 months ago.

Status:
Obsolete
Priority:
Normal
Category:
mod_usertrack
Target version:
-
ASK QUESTIONS IN Forums:
No

Description

My company has had a need recently to issue cookies with a decently sized max-age (1 year). With the value for max-age being a unsigned short in mod_usertrack, and being issued in seconds, we couldn't use a value that large (would exceed the boundries of a unsigned short).

At first, we made a patch to mod_usertrack for that value to be an unsigned long, so we could set a value that large. The problem was that it seemed that only Firefox was RFC compliant, or at least it was the only one honoring max-age as a non-temporary cookie.

Looking at how Google was setting cookies, they were setting the expires header versus max-age. We created a new patch to issue expires, and also setting the value for max-age to months, versus seconds.

From our config:


# the max-age value is set in months
usertrack.cookie-max-age = 12

The patch is attached, if you feel it acceptable, we'd love to have it integrated into the main source.


Files

lighttpd-usertrack-expires.patch (1.28 KB) lighttpd-usertrack-expires.patch MitchLewandowski, 2007-11-14 21:04
Actions #1

Updated by MitchLewandowski about 17 years ago

Obviously you wouldn't need the commented versions of what we replaced (forgot we didn't remove those after we got it to work).

Actions #2

Updated by stbuehler about 16 years ago

  • Target version changed from 1.4.20 to 1.4.21
Actions #3

Updated by icy almost 16 years ago

  • Target version changed from 1.4.21 to 1.4.22
  • Patch available set to Yes
Actions #4

Updated by stbuehler almost 16 years ago

  • Target version changed from 1.4.22 to 1.4.23
Actions #5

Updated by stbuehler over 15 years ago

  • Target version changed from 1.4.23 to 1.4.24
Actions #6

Updated by stbuehler about 15 years ago

  • Status changed from New to Wontfix
  • Assignee deleted (jan)
  • Target version deleted (1.4.24)

(T_CONFIG_INT solves the range problem)

Let me quote http://blogs.msdn.com/ieinternals/archive/2009/08/20/WinINET-IE-Cookie-Internals-FAQ.aspx:

Internet Explorer (including IE8) does not attempt to support any RFC for cookies.

Now if they would argue why max-age is a bad idea one could understand it. But i think max-age is the better parameter (expires requires synchronized clocks), and i don't care about stupid software; and the expires syntax if not rfc conform (unquoted value).

Actions #7

Updated by gstrauss 12 months ago

  • ASK QUESTIONS IN Forums set to No

mod_usertrack is no longer part of the lighttpd base
For replacement, see lua mod_usertrack

Actions #8

Updated by gstrauss 12 months ago

  • Status changed from Wontfix to Obsolete
Actions

Also available in: Atom