It seems like the intention of the following call to cgi_set_cookie() is to generate a cookie to expire immediately, and direct the browser to remove it (at least this could make sense for login cookies):
http://fossil-scm.org/index.html/artifact?name=4e7cdb5c6a&ln=354-355 But in this case, cgi_set_cookie() creates a cookie with an empty value, and no "max-age" directive. Would it make sense to modify cgi_set_cookie() like this: lifetime<=0 → max-age=0 This seems compatible with all (6) calls to cgi_set_cookie(). It would no longer be possible to generate cookies without expiration information, but the call linked above is currently the only one to take this code path. Another approach may be to modify cgi_set_cookie() to automatically add "max-age=0" for any cookies with empty values, which could also work together with the modified "lifetime" check. Thanks, --Florian _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
