Tom Jackson said: > The server has to have an independent method of maintaining and verifying > the session timeout; store it in the session. Oh yeah, I would never trust the cookie! My idea is to use an Ns_Cache with a set timeout, so I don't have to take care of that myself. So I just go for a session cookie. I'll leave that up to the server admin as config parameter...
> Your initial nscookie.c sends the Set-Cookie header as Cookie, which > doesn't actually set the cookie on the client. Yeah, noticed that real quick once I got the other problems sorted. :) It was late last night... > There is also a new Set-Cookie2 header with new requirements for reading > and sending cookies. Hmmm, I'll look into that. Not sure which browsers support it and in reality, I do not need the extra functionality. Cheers, Bas. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
