brian 98/06/30 23:52:32
Modified: htdocs/manual/mod mod_usertrack.html Log: Add analysis done by Christian Sane Revision Changes Path 1.17 +42 -0 apache-1.3/htdocs/manual/mod/mod_usertrack.html Index: mod_usertrack.html =================================================================== RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/mod_usertrack.html,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- mod_usertrack.html 1998/05/20 14:13:00 1.16 +++ mod_usertrack.html 1998/07/01 06:52:32 1.17 @@ -110,6 +110,48 @@ on a per-server or per-directory basis. By default, compiling mod_usertrack will not activate cookies. +<HR> + +<H2>2-digit or 4-digit dates for cookies?</H2> + +(the following is from message +<[EMAIL PROTECTED]> in +the new-httpd archives) + +<P> + +<PRE> +From: "Christian Allen" <[EMAIL PROTECTED]> +Subject: Re: Apache Y2K bug in mod_usertrack.c +Date: Tue, 30 Jun 1998 11:41:56 -0400 + +Did some work with cookies and dug up some info that might be useful. + +True, Netscape claims that the correct format NOW is four digit dates, and +four digit dates do in fact work... for Netscape 4.x (Communicator), that +is. However, 3.x and below do NOT accept them. It seems that Netscape +originally had a 2-digit standard, and then with all of the Y2K hype and +probably a few complaints, changed to a four digit date for Communicator. +Fortunately, 4.x also understands the 2-digit format, and so the best way to +ensure that your expiration date is legible to the client's browser is to +use 2-digit dates. + +However, this does not limit expiration dates to the year 2000; if you use +an expiration year of "13", for example, it is interpreted as 2013, NOT +1913! In fact, you can use an expiration year of up to "37", and it will be +understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure +about versions previous to those). Not sure why Netscape used that +particular year as its cut-off point, but my guess is that it was in respect +to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand +2-digit years beyond that, at least until "50" for sure (I think they +understand up until about "70", but not for sure). + +Summary: Mozilla 3.x and up understands two digit dates up until "37" +(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit +form, but also understands 4-digit years, which can probably reach up until +9999. Your best bet for sending a long-life cookie is to send it for some +time late in the year "37". +</PRE> <!--#include virtual="footer.html" --> </BODY>
