>>>>> "Charles" == Charles Daminato <[EMAIL PROTECTED]> writes:

Charles> The way the default code works, when the browser is closed
Charles> the cookie no longer works.  Our system will delete cookies
Charles> stored on the backend every 30 minutes, so a cookie will have
Charles> to be resubmitted (recreated) at that time as well.

Charles> At least, that's how I understand it works...  someone more
Charles> familiar with cookies may say otherwise.

The default scripts issue the set cookie header w/o an expiration
date, so that is correct.  Since the backend drops every 30 min, it
would not be unreasonable to set the cookie expiration date to
current+30min.  It would also be beneficial for sites which only run
manage.cgi (or their own equiv code) via TLS/SSL to add the secure
only flag when sending the cookie to the browser.  Not critical, but a
reasonable thing to do.

But note that there is no requirement that the cookie be sent as a
cookie.  It can also be sent as a (hidden) form field.  This is useful
in e.g. PalmOS's PQAs or with wml browsers.  One could also register it
as a session variable and use your scripting environment's built-in
session support.  PHP4, ASP, ColdFusion et al can readily support
this.  One advantage is that you can track when the cookie was first
issued and when it will therefore expire (given foreknowledge of the
backend server's magic 30min value); this will allow more elegant
recovery for long management sessions[1] than the current scripts[2]
offer.

If, OTOH, you are not doing a session at all, you can ignore the
cookie completely and just send the username/password tuple with each
command.  At least the pre-XML docs indicated that was an acceptable
alternative.  You should confirm with the current code that it still
works.

[1]  I had to change the nameservers for several domains; when the
     backend server expired my cookie, things just stopped working.
     I had to go back to the entry URL and start again in order to
     continue working.  Just going back and/or reloading did not
     trigger a new cookie.

[2]  OK.  I was using the pre-XML scripts; the current example
     scripts might be better at this.
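
The two suggestions in the message above (a cookie expiry aligned with the backend's 30-minute drop plus the secure-only flag, and a session record of the issue time so a long management session can log in again before the cookie dies), as an added Python sketch that is not part of the original message or the project's scripts. The names `build_set_cookie`, `BackendSession`, the two-minute renewal margin, and the reading of the 30 minutes as a lifetime counted from issue are assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime
from http.cookies import SimpleCookie

BACKEND_TTL = timedelta(minutes=30)  # backend drop interval stated in the thread
RENEW_MARGIN = timedelta(minutes=2)  # assumption: renew slightly before expiry


def build_set_cookie(name, value, issued_at, over_tls):
    """Return a Set-Cookie value whose expiry matches the backend lifetime."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    # Without an Expires attribute the browser keeps the cookie until it is
    # closed, which can be long after the backend has dropped its copy.
    morsel["expires"] = format_datetime(issued_at + BACKEND_TTL, usegmt=True)
    morsel["path"] = "/"
    if over_tls:
        # Secure: the browser will not send the cookie over plain HTTP.
        morsel["secure"] = True
    return morsel.OutputString()


class BackendSession:
    """Server-side record of when the backend cookie was issued."""

    def __init__(self, login, now):
        self._login = login  # hypothetical callable returning a fresh cookie
        self.value = login()
        self.issued_at = now

    def expires_at(self):
        return self.issued_at + BACKEND_TTL

    def cookie_for_request(self, now):
        """Return a usable cookie, logging in again if expiry is near."""
        if now >= self.expires_at() - RENEW_MARGIN:
            self.value = self._login()
            self.issued_at = now
        return self.value
```
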
