On 11/24/08, David Dooling <[EMAIL PROTECTED]> wrote: > An expiration time can be set on a cookie. If you looks at your > cookies in Firefox, it will show when it expires. Some have a > specific expiration time and some are set to expire when the session > ends, i.e., you exit the browser. Presumably the latter would be > enforced by the browser which would explain why you are able to > circumvent that in wget and why you are able to recover session after > Firefox crashes.
I do understand that an experiation time can be set on a cookie and that the browser keeps track of cookies. I'm also assuming that the server keeps track of cookies, but I haven't seen that documented anywhere. However, I still don't understand two items: - who sets the expiration time: the server or the client? - who enforces the expriation time: the server or the client? My hunch thus far is that the server sets the expiration time and enforces it. That is, if the client sends a cookie back to the server, it's up to the server to determine if it has expired and reject it if it has. The exception seems to be session cookies, i.e cookies without an expiration date. In that case the server will accept the cookie forever (or until a reboot/reload/restart) and assumes the client will do the right thing and remove the cookie. Unfortunately, I couldn't confirm my hunch with a quick glance through the RFC: http://www.ietf.org/rfc/rfc2965.txt So, I'll have to do a more thorough reading later. Regards, - Robert --~--~---------~--~----~------------~-------~--~----~ Central West End Linux Users Group (via Google Groups) Main page: http://www.cwelug.org To post: [email protected] To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] More options: http://groups.google.com/group/cwelug -~----------~----~----~----~------~----~------~--~---
