On Wed, Jun 27, 2001 at 10:59:16AM -0700, Rob Bloodgood wrote:
> > me, on the other hand, i don't see the problem with
> >
> > on incoming request
> > if has-cookie 'session'
> > {
> > update serverside 'accesstime' for session[this] to NOW
>
> me, on the other hand, i don't see the problem with
>
> on incoming request
> if has-cookie 'session'
> {
> update serverside 'accesstime' for session[this] to NOW
Oh yeah? HOW???
> if not-modified-since
On Mon, Jun 25, 2001 at 04:54:59PM -0700, Rob Bloodgood wrote:
> > > maybe storing 'last-access-time' on the server, instead of in
> > > the client-side, via cookie, would solve this snafu?
> >
> > But if you want to give out a new cookie on every request ?
> > How would you prevent them from copy
> > maybe storing 'last-access-time' on the server, instead of in
> > the client-side, via cookie, would solve this snafu?
>
> But if you want to give out a new cookie on every request ?
> How would you prevent them from copying or tampering with the contents?
> a MD5-hash would stop them from cha
will trillich wrote:
>
> On Fri, Jun 22, 2001 at 12:32:28PM -0700, Doug MacEachern wrote:
>
> > quoting his email:
> > "The cookie records, in part, the time of the last access to
> > the site. Therefore for each access the cookie is updated."
> >
> > that to me sounds like a header "which may h
On Fri, Jun 22, 2001 at 12:32:28PM -0700, Doug MacEachern wrote:
> quoting his email:
> "The cookie records, in part, the time of the last access to
> the site. Therefore for each access the cookie is updated."
>
> that to me sounds like a header "which may have changed independently of
> the
Randal L. Schwartz writes
> Uh, it seems a bit fishy to me. "nothing's changed, but by the way,
> set this cookie please". Why change a cookie if nothing else has
> changed?
If the HTTP headers were only about the document then I would agree.
However, if we look at this set of headers from a t
Hi Randal,
the reason i want this, is that i am building a authentication-scheme which
uses tickets to make sure that only one user can be logged in on one account.
When the ticket expires and the old user wants another page i want to silently
reissue a new ticket if nobody else tried to login
> "Doug" == Doug MacEachern <[EMAIL PROTECTED]> writes:
Doug> i passed it along the same day:
Doug> http://hypermail.linklord.com/new-httpd/2001/Jun/0507.html
Doug> still awaiting response on my interpretation of the rfc, seems perfectly
Doug> valid to include the set-cookie header with a 30
Hi,
Thanks for your answer, saved me days of probably fruitless fidling around with
modperl.
Your solution solved my problems (see "Sending Cookies on Page-Reload")
the question remains if this violates some RFC's (or breaks some browsers),
and if there is some other way - like faking that the
> > How can I force Apache to send the Set-Cookie header even if the
> > document being delivered has not changed? I suspect that I am not
the
> > first person to run into this problem. A search of the list was
> > unsuccessful, unfortunately.
>
> i've not tested, but it looks like Set-Cookie is l
11 matches
Mail list logo
