On Mon, Jun 12, 2006 at 06:19:01PM -0700, Matt Lewandowsky wrote:
> I was reviewing the mod_usertrack docs and a few things jumped out at
> me as "this should be corrected". So, I took it upon myself to do so
> and the patch is attached.
First off, thanks a mill for this! =)
> Changes:
>
> Index: mod_usertrack.xml
> ===================================================================
> @@ -123,6 +123,16 @@
> +
> + <note>
> + <p>Most browsers in use today will disallow cookies to be set for
> + a "two-part top level domain" such as <strong>.co.uk</strong>.
> This
I'd prefer "will not allow cookies to be set", rather than "will
disallow" - if you want to keep disallow, you'll have to change the
wording a little - "will disallow cookies from being [...]"
> + is because a two-part top level domain is equivalent to a top
> level
> + domain such as <strong>.com</strong>. Allowing such cookies may
> be
I had to read this several times before I understood what it meant. It's
definitely a useful piece of info to have in the docs, but perhaps we
could rephrase it a bit. My patch is attached, let me know if it's any
clearer, or if I've just been staring at this so long that I get it now =)
> + users' browsers. As of mid-2006, most browsers only fully support
> + <code>CookieStyle Netscape</code>.</p>
I've also changed this to "At the time of writing" - if these docs don't
get updated for another seven or eight years, at least then the reader
has to dig back to see how old and crufty they are, rather than having
it printed there before them =)
Noirin
Index: mod_usertrack.xml
===================================================================
--- mod_usertrack.xml (revision 413842)
+++ mod_usertrack.xml (working copy)
@@ -122,7 +122,21 @@
<p>The domain string <strong>must</strong> begin with a dot, and
<strong>must</strong> include at least one embedded dot. That is,
- ".foo.com" is legal, but "foo.bar.com" and ".com" are not.</p>
+ <code>.foo.com</code> is legal, but <code>foo.bar.com</code> and
+ <code>.com</code> are not.</p>
+
+ <note>Most browsers in use today will not allow cookies to be set
+ for a two-part top level domain, such as <code>.co.uk</code>,
+ although such a domain ostensibly fulfills the requirements
+ above.<br />
+
+ These domains are equivalent to top level domains such as
+ <code>.com</code>, and allowing such cookies may be a security
+ risk. Thus, if you are under a two-part top level domain, you
+ should still use your actual domain, as you would under any other top
+ level domain (for example <code>.foo.co.uk</code>).
+ </note>
+
</usage>
</directivesynopsis>
@@ -209,7 +223,8 @@
<p>Not all clients can understand all of these formats. but you
should use the newest one that is generally acceptable to your
- users' browsers.</p>
+ users' browsers. At the time of writing, most browsers only fully
+ support <code>CookieStyle Netscape</code>.</p>
</usage>
</directivesynopsis>
@@ -229,12 +244,13 @@
<override>FileInfo</override>
<usage>
- <p>When the user track module is compiled in, and
- "CookieTracking on" is set, Apache will start sending a
+ <p>When <module>mod_usertrack</module> is loaded, and
+ <code>CookieTracking on</code> is set, Apache will send a
user-tracking cookie for all new requests. This directive can
be used to turn this behavior on or off on a per-server or
- per-directory basis. By default, compiling mod_usertrack will
- not activate cookies. </p>
+ per-directory basis. By default, enabling
+ <module>mod_usertrack</module> will <strong>not</strong>
+ activate cookies. </p>
</usage>
</directivesynopsis>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
