Project

General

Profile

Actions
Copy link

Feature #1455

closed

patch for mod_usertrack to use of expires versus max-age

Added by MitchLewandowski about 17 years ago. Updated 11 months ago.

Status:
Obsolete
Priority:
Normal
Category:
mod_usertrack
Target version:
-
ASK QUESTIONS IN Forums:
No

Description

My company has had a need recently to issue cookies with a decently sized max-age (1 year). With the value for max-age being a unsigned short in mod_usertrack, and being issued in seconds, we couldn't use a value that large (would exceed the boundries of a unsigned short).

At first, we made a patch to mod_usertrack for that value to be an unsigned long, so we could set a value that large. The problem was that it seemed that only Firefox was RFC compliant, or at least it was the only one honoring max-age as a non-temporary cookie.

Looking at how Google was setting cookies, they were setting the expires header versus max-age. We created a new patch to issue expires, and also setting the value for max-age to months, versus seconds.

From our config:


# the max-age value is set in months
usertrack.cookie-max-age = 12

The patch is attached, if you feel it acceptable, we'd love to have it integrated into the main source.

Files

lighttpd-usertrack-expires.patch (1.28 KB) lighttpd-usertrack-expires.patch MitchLewandowski, 2007-11-14 21:04
Actions
Copy link
 #1

Updated by MitchLewandowski about 17 years ago

Obviously you wouldn't need the commented versions of what we replaced (forgot we didn't remove those after we got it to work).

Actions
Copy link
 #2

Updated by stbuehler about 16 years ago

  • Target version changed from 1.4.20 to 1.4.21
Actions
Copy link
 #3

Updated by icy almost 16 years ago

  • Target version changed from 1.4.21 to 1.4.22
  • Patch available set to Yes
Actions
Copy link
 #4

Updated by stbuehler over 15 years ago

  • Target version changed from 1.4.22 to 1.4.23
Actions
Copy link
 #5

Updated by stbuehler over 15 years ago

  • Target version changed from 1.4.23 to 1.4.24
Actions
Copy link
 #6

Updated by stbuehler about 15 years ago

  • Status changed from New to Wontfix
  • Assignee deleted (jan)
  • Target version deleted (1.4.24)

(T_CONFIG_INT solves the range problem)

Let me quote http://blogs.msdn.com/ieinternals/archive/2009/08/20/WinINET-IE-Cookie-Internals-FAQ.aspx:

Internet Explorer (including IE8) does not attempt to support any RFC for cookies.

Now if they would argue why max-age is a bad idea one could understand it. But i think max-age is the better parameter (expires requires synchronized clocks), and i don't care about stupid software; and the expires syntax if not rfc conform (unquoted value).

Actions
Copy link
 #7

Updated by gstrauss 11 months ago

  • ASK QUESTIONS IN Forums set to No

mod_usertrack is no longer part of the lighttpd base
For replacement, see lua mod_usertrack

Actions
Copy link
 #8

Updated by gstrauss 11 months ago

  • Status changed from Wontfix to Obsolete
Actions
Copy link

Also available in: Atom