will trillich wrote:
>
> On Fri, Jun 22, 2001 at 12:32:28PM -0700, Doug MacEachern wrote:
>
> > quoting his email:
> > "The cookie records, in part, the time of the last access to
> > the site. Therefore for each access the cookie is updated."
> >
> > that to me sounds like a header "which may have changed independently of
> > the entity's Last-Modified date".
>
> maybe storing 'last-access-time' on the server, instead of in
> the client-side, via cookie, would solve this snafu?
But if you want to give out a new cookie on every request ?
How would you prevent them from copying or tampering with the contents?
a MD5-hash would stop them from changing values, but they could still copy the cookie,
so the next idea is timeouts, and when you use timeouts it would be nice if the user
don't have to login every couple of minutes, but would get a new valid cookie
automaticly...
I would love to solve this some other way, but i have yet to find an other way.
Any ideas ?
