diff options
| author | Noirin Plunkett <noirin@apache.org> | 2006-06-18 22:04:36 +0000 |
|---|---|---|
| committer | Noirin Plunkett <noirin@apache.org> | 2006-06-18 22:04:36 +0000 |
| commit | 256c8b5e1f68b404d1e2608ac43ab8a242febe89 (patch) | |
| tree | 66821508dbc4667059b56ea7ecf6575bb5f4afaf /docs/manual/mod/mod_usertrack.html.en | |
| parent | 737e626d2ba02e8dd645b0daf4f8e93a9a962a54 (diff) | |
| download | httpd-256c8b5e1f68b404d1e2608ac43ab8a242febe89.tar.gz | |
Things I forgot to commit
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@415207 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/manual/mod/mod_usertrack.html.en')
| -rw-r--r-- | docs/manual/mod/mod_usertrack.html.en | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/docs/manual/mod/mod_usertrack.html.en b/docs/manual/mod/mod_usertrack.html.en index b0aa05da4c..edabe6e748 100644 --- a/docs/manual/mod/mod_usertrack.html.en +++ b/docs/manual/mod/mod_usertrack.html.en @@ -130,7 +130,21 @@ time late in the year "37". <p>The domain string <strong>must</strong> begin with a dot, and <strong>must</strong> include at least one embedded dot. That is, - ".foo.com" is legal, but "foo.bar.com" and ".com" are not.</p> + <code>.foo.com</code> is legal, but <code>foo.bar.com</code> and + <code>.com</code> are not.</p> + + <div class="note">Most browsers in use today will not allow cookies to be set + for a two-part top level domain, such as <code>.co.uk</code>, + although such a domain ostensibly fulfills the requirements + above.<br /> + + These domains are equivalent to top level domains such as + <code>.com</code>, and allowing such cookies may be a security + risk. Thus, if you are under a two-part top level domain, you + should still use your actual domain, as you would with any other top + level domain (for example <code>.foo.co.uk</code>). + </div> + </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> @@ -204,7 +218,8 @@ time late in the year "37". <p>Not all clients can understand all of these formats. but you should use the newest one that is generally acceptable to your - users' browsers.</p> + users' browsers. At the time of writing, most browsers only fully + support <code>CookieStyle Netscape</code>.</p> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> @@ -218,12 +233,13 @@ time late in the year "37". <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_usertrack</td></tr> </table> - <p>When the user track module is compiled in, and - "CookieTracking on" is set, Apache will start sending a + <p>When <code class="module"><a href="../mod/mod_usertrack.html">mod_usertrack</a></code> is loaded, and + <code>CookieTracking on</code> is set, Apache will send a user-tracking cookie for all new requests. This directive can be used to turn this behavior on or off on a per-server or - per-directory basis. By default, compiling mod_usertrack will - not activate cookies. </p> + per-directory basis. By default, enabling + <code class="module"><a href="../mod/mod_usertrack.html">mod_usertrack</a></code> will <strong>not</strong> + activate cookies. </p> </div> |