Hi Randal,
the reason i want this, is that i am building a authentication-scheme which
uses tickets to make sure that only one user can be logged in on one account.
When the ticket expires and the old user wants another page i want to silently
reissue a new ticket if nobody else tried to login with this account.
Another idea i might implement is that i could send a changed cookie on every
new page, so that even if somebody copied the cookie-file from one computer
to another he could not get in as user#1.
Makes sense ?
(or would you solve this problem in some other way?)
"Randal L. Schwartz" wrote:
>
> >>>>> "Doug" == Doug MacEachern <[EMAIL PROTECTED]> writes:
>
> Doug> i passed it along the same day:
> Doug> http://hypermail.linklord.com/new-httpd/2001/Jun/0507.html
>
> Doug> still awaiting response on my interpretation of the rfc, seems perfectly
> Doug> valid to include the set-cookie header with a 304 response.
>
> Uh, it seems a bit fishy to me. "nothing's changed, but by the way,
> set this cookie please". Why change a cookie if nothing else has
> changed?
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
