There's two ways to do this: the expire time on the cookie (less reliable) or setting an expire time as part of the cookie value (more reliable). And if you're using a cookie for anything other than a cryptographically random session id, be sure to add a checksum (MD5 or SHA1) so you can detect tampering.
Drew At 03:53 PM 4/23/02 -0400, John Saylor wrote: >( 02.04.23 15:16 -0400 ) Sean Quinlan: > > How do I either scrub the header or force Apache to resend the login > > request? > >If you use cookies to keep state, you can set a time stamp on them that >will force reauthentication once they expire. ====================================================================== Drew Taylor JA[P|m_p]H http://www.drewtaylor.com/ Just Another Perl|mod_perl Hacker mailto:[EMAIL PROTECTED] *** God bless America! *** ---------------------------------------------------------------------- Speakeasy.net: A DSL provider with a clue. Sign up today. http://www.speakeasy.net/refer/29655 ======================================================================
