-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stefan wrote:
I am using the following code to set a cookie for 30 seconds:
[clip]
Setting cookies with a short[1] lifetime is not reliable. The
reason for this is simple: The cookie expiry time is an absolute
value, not a delta, and this time is set by the server but
evaluated by the client. As a result if the clients clock is 29 seconds
ahead of the servers clock, and the server sends a cookie with a
30 second lifetime, the cookie only lives for 1 second.
What happens:
1. On the windows apache server the cookie disappears after 30 seconds
2. On the linux apache server the cookie disappears after hours????
This could (and probably is) caused by the server and client clocks
beeing out of sync and/or timezone related issues.
If you need short lived cookies, you'll have to include the
expiry time in the cookies *value*, and check it server side.
Bob
[1] The shorter the time, the lower the reliability. I'd say
anything less then a week is likely to get you into trouble
on a regular basis.
- --
| B. Johannessen <bo*@db.org> +47 97 15 20 09 -
http://db.org/
| Mail & Spam - News, Drafts & Standards -
http://db.org/blog/
| On The Origin Of Spam; Spam Statistics -
http://db.org/spam/
- --
-----BEGIN PGP SIGNATURE-----
iD8DBQFANErtooi sUyMOFlgRAllbAJ 0VZQoYBkUbSzoy7 3fuwH2I0eMq0QCe Pcb1
a06yMkT4fjGOtSG goxqAIwQ=
=WAhe
-----END PGP SIGNATURE-----