diff options
author | brian <brian@unknown> | 1998-07-01 06:52:32 +0000 |
---|---|---|
committer | brian <brian@unknown> | 1998-07-01 06:52:32 +0000 |
commit | 7b2795afa3e85b4fa8efa675fd4bb77aa95f7066 (patch) | |
tree | 7cfd40ceb08b96e6db158aa21056931e8c740c72 | |
parent | f6a39ffb9c68383376b3cbceccabef48fad0330b (diff) | |
download | httpd-7b2795afa3e85b4fa8efa675fd4bb77aa95f7066.tar.gz |
PR:
Add analysis done by Christian Sane
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@81633 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | docs/manual/mod/mod_usertrack.html | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_usertrack.html b/docs/manual/mod/mod_usertrack.html index 024e509ba6..ee4ba182c1 100644 --- a/docs/manual/mod/mod_usertrack.html +++ b/docs/manual/mod/mod_usertrack.html @@ -110,6 +110,48 @@ requests. This directive can be used to turn this behavior on or off on a per-server or per-directory basis. By default, compiling mod_usertrack will not activate cookies. +<HR> + +<H2>2-digit or 4-digit dates for cookies?</H2> + +(the following is from message +<022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com> in +the new-httpd archives) + +<P> + +<PRE> +From: "Christian Allen" <christian@sane.com> +Subject: Re: Apache Y2K bug in mod_usertrack.c +Date: Tue, 30 Jun 1998 11:41:56 -0400 + +Did some work with cookies and dug up some info that might be useful. + +True, Netscape claims that the correct format NOW is four digit dates, and +four digit dates do in fact work... for Netscape 4.x (Communicator), that +is. However, 3.x and below do NOT accept them. It seems that Netscape +originally had a 2-digit standard, and then with all of the Y2K hype and +probably a few complaints, changed to a four digit date for Communicator. +Fortunately, 4.x also understands the 2-digit format, and so the best way to +ensure that your expiration date is legible to the client's browser is to +use 2-digit dates. + +However, this does not limit expiration dates to the year 2000; if you use +an expiration year of "13", for example, it is interpreted as 2013, NOT +1913! In fact, you can use an expiration year of up to "37", and it will be +understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure +about versions previous to those). Not sure why Netscape used that +particular year as its cut-off point, but my guess is that it was in respect +to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand +2-digit years beyond that, at least until "50" for sure (I think they +understand up until about "70", but not for sure). + +Summary: Mozilla 3.x and up understands two digit dates up until "37" +(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit +form, but also understands 4-digit years, which can probably reach up until +9999. Your best bet for sending a long-life cookie is to send it for some +time late in the year "37". +</PRE> <!--#include virtual="footer.html" --> </BODY> |