PR:

Add analysis done by Christian Sane


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@81633 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 42 insertions, 0 deletions

diff --git a/docs/manual/mod/mod_usertrack.html b/docs/manual/mod/mod_usertrack.html
index 024e509ba6..ee4ba182c1 100644
--- a/docs/manual/mod/mod_usertrack.html
+++ b/docs/manual/mod/mod_usertrack.html
@@ -110,6 +110,48 @@ requests. This directive can be used to turn this behavior on or off
 on a per-server or per-directory basis.  By default, compiling
 mod_usertrack will not activate cookies.
 
+<HR>
+
+<H2>2-digit or 4-digit dates for cookies?</H2>
+
+(the following is from message
+&lt;022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com&gt; in
+the new-httpd archives)
+
+<P>
+
+<PRE>
+From: "Christian Allen" &lt;christian@sane.com&gt;
+Subject: Re: Apache Y2K bug in mod_usertrack.c
+Date: Tue, 30 Jun 1998 11:41:56 -0400
+
+Did some work with cookies and dug up some info that might be useful.
+
+True, Netscape claims that the correct format NOW is four digit dates, and
+four digit dates do in fact work... for Netscape 4.x (Communicator), that
+is.  However, 3.x and below do NOT accept them.  It seems that Netscape
+originally had a 2-digit standard, and then with all of the Y2K hype and
+probably a few complaints, changed to a four digit date for Communicator.
+Fortunately, 4.x also understands the 2-digit format, and so the best way to
+ensure that your expiration date is legible to the client's browser is to
+use 2-digit dates.
+
+However, this does not limit expiration dates to the year 2000; if you use
+an expiration year of "13", for example, it is interpreted as 2013, NOT
+1913!  In fact, you can use an expiration year of up to "37", and it will be
+understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
+about versions previous to those).  Not sure why Netscape used that
+particular year as its cut-off point, but my guess is that it was in respect
+to UNIX's 2038 problem.  Netscape/MSIE 4.x seem to be able to understand
+2-digit years beyond that, at least until "50" for sure (I think they
+understand up until about "70", but not for sure).
+
+Summary:  Mozilla 3.x and up understands two digit dates up until "37"
+(2037).  Mozilla 4.x understands up until at least "50" (2050) in 2-digit
+form, but also understands 4-digit years, which can probably reach up until
+9999.  Your best bet for sending a long-life cookie is to send it for some
+time late in the year "37".
+</PRE>
 
 <!--#include virtual="footer.html" -->
 </BODY>